Noel Bradford 9, Oct, 2024

Cybersecurity, Microsoft, Patch Tuesday, Patch Tuesday Updates

This years October Patch Tuesday delivers a crucial update. Microsoft is addressing 118 vulnerabilities across its platforms. Five of these are zero-days, which are actively exploited flaws requiring urgent attention. As organisations face increasing cyber threats, this month’s updates underscore the importance of maintaining a robust patching routine. Remember Patch Tuesday always proceeds Exploit Wednesday – Your Systems are at risk right now!

Key Highlights

Among the 118 vulnerabilities fixed, several stand out for their severity and the impact if left unpatched:

CVE-2024-43572: A Remote Code Execution (RCE) vulnerability in the Microsoft Management Console. This flaw can allow attackers to execute malicious code remotely, making it a top priority for patching.
CVE-2024-43573: Another RCE vulnerability, this time within the Windows Graphics Component. If exploited, attackers could gain control over a system by manipulating how memory is managed. This is a particularly dangerous attack vector for organisations reliant on graphical processes(BleepingComputer)(Qualys Security Blog).
CVE-2024-43574: Affecting Microsoft’s Speech API, this vulnerability enables remote code execution, particularly concerning in environments using voice-activated systems(Qualys Security Blog).
CVE-2024-43602: A critical zero-day in Microsoft Exchange Server. Attackers have been actively exploiting this flaw to gain unauthorised access. If you’re running Exchange in any form, this is an essential update(BleepingComputer)(Qualys Security Blog).
CVE-2024-43582: This flaw targets Remote Desktop Protocol (RDP). It allows attackers to send malicious packets. Attackers can gain control over servers without needing user interaction(BleepingComputer).

Zero-Days in the Wild

Five zero-days were addressed this month, with CVE-2024-43602 and CVE-2024-43576 (affecting Microsoft Office) already being actively exploited. Exchange Server vulnerabilities are often targets for attackers. This is due to their widespread use. It is also because of the sensitive nature of the data they manage. Patch this promptly if you’re using on-premise servers(Neowin).

Microsoft’s Official Stand

This month’s updates focus on vulnerabilities, according to Microsoft. If exploited, these vulnerabilities could allow attackers to take control of systems. They might also elevate privileges or disrupt critical infrastructure. They recommend that IT administrators prioritise updates for RDP, Microsoft Office, and any systems running Microsoft Exchange(CISA)(BleepingComputer).

Microsoft has also flagged important updates in Azure, .NET, and OpenSSH for Windows, addressing issues ranging from privilege escalation to denial of service(CISA).

Recommendations for IT Teams

The scope of vulnerabilities addressed is large. IT administrators should prioritise applying patches for internet-facing systems. They should especially focus on RDP, Exchange Servers, and Office Suite installations. These systems are often the first point of entry for attackers. Additionally, they are more likely to be exploited in the wild.

Along with zero-day vulnerabilities, the Microsoft Configuration Manager also saw a critical fix this month. It addresses an RCE vulnerability. This could allow attackers to compromise the server environment(Qualys Security Blog).

Final Thoughts

October 2024’s Patch Tuesday is a significant one. With the increasing frequency of zero-day exploits, organisations can’t afford to delay patching processes. Neglecting these updates could lead to breaches, data loss, or worse, the disruption of critical services.

At Equate, we understand the complexities of managing security in today’s digital landscape. If you’re struggling to keep up with patches, contact us. If you’re unsure about how these vulnerabilities impact your infrastructure, reach out to us. We offer expert assistance in managing your IT security and ensuring compliance.

Noel Bradford 9, Oct, 2024

Microsoft, News, Patch Tuesday, Patch Tuesday Updates

If you’re still running Windows 7, 8.1, or something even older, it’s time to face the facts. Microsoft wants you to upgrade not just your operating system. They want you to upgrade your hardware too. Windows 11 demands it. The days of squeezing every last bit of life out of your old PC are over. Here’s why you should care and why it’s time to consider moving on.

Old PCs Can’t Keep Up

Windows 11 isn’t just a pretty update. It’s packed with features that your old PC can’t handle. Think TPM 2.0, SSD storage, and more demanding security features. If your machine doesn’t have the required hardware, Windows 11 will not run properly. It will be like trying to drive a Ferrari on a footpath. Microsoft’s least requirements, like a 64-bit processor and Secure Boot, aren’t there to annoy you. They’re about performance and protection.

Still running on a hard drive? Running out of patience while you wait for your PC to boot? Windows 11 is designed for machines that can handle it. Sure, you could stick with what you’ve got, but you’ll be left in the dust. Upgrading your hardware means a faster, safer experience.

OneDrive: The Lifeboat for Your Files

Worried about losing your stuff when you switch PCs? OneDrive has your back. Back up all your files to the cloud, and when you get your new device, they’ll be right there waiting. No more transferring data with a million USB sticks or forgetting to save something important. It’s like having a moving company for your digital life. Simple, easy, and automatic.

Windows 11: What You’re Missing Out On

Windows 11 version 24H2 is more than just an update—it’s a whole new world of features. Think AI-powered search. Don’t remember the exact name of a file? No problem. Type in a few keywords, and Windows 11 will find it. It’s like having a super-efficient personal assistant inside your PC.

Another cool feature is Super Resolution in the Photos app. You can now upscale your low-quality images in seconds. Got a blurry vacation photo? Windows 11 will make it look sharp. And apps like Paint have stepped up with AI tools like Generative Fill and Erase. You can now tweak your photos like a pro, no Photoshop required.

Copilot+ PCs come with exclusive features, like Copilot Labs. This AI assistant does the heavy lifting, helping you with tasks across the system. Whether it’s managing your files or finding the perfect shortcut, Copilot makes everything easier. Why waste time fiddling when your PC can do it for you?

Time to Face the Security Risks

Windows 10’s days are numbered. It’ll be supported until 2025, but after that, you’re on your own. No more updates. No more security patches. You’re running on borrowed time. And while you might not care about getting the latest features, you should care about staying safe. Ransomware threats are more real than ever. Malware threats are also more real than ever. Sticking with old software is like leaving your front door wide open.

Windows 11 offers better protection right out of the box. With TPM 2.0 and Secure Boot, your data stays locked down tight. The old saying “if it ain’t broke, don’t fix it” doesn’t apply when it comes to your digital security. If you keep using an old system, you’re putting your personal data at risk.

The Hardware Gap: Why New is Better

Let’s not kid ourselves—new PCs are just better. They boot up in seconds, handle multitasking with ease, and come equipped with the latest security features. The days of waiting for your system to catch up to your needs are over. With a solid-state drive (SSD) and faster processors, your new machine won’t just run Windows 11—it’ll thrive on it.

Think of your old PC like an old car. Sure, it still drives, but it guzzles fuel, breaks down often, and can’t handle the long haul anymore. A new PC is like switching to a modern, fuel-efficient vehicle. It’s faster, safer, and will last you longer. It’s an investment in your productivity and your peace of mind.

Conclusion: Stop Clinging to the Past

If you’re holding onto an old PC and waiting for a miracle, you’re out of luck. Windows 11 is built for the future, and clinging to your old hardware is like fighting a losing battle. It’s time to upgrade—not just for the new features, but for better security, speed, and efficiency.

With OneDrive, moving your files is easier than ever. With AI-driven tools and security features, Windows 11 gives you everything you need to stay ahead of the curve. And with hardware getting faster and cheaper, there’s no reason to stay stuck in the past.

So, let go of your old machine. Upgrade to a new PC and experience the future of Windows. It’s worth it.

Noel Bradford 7, Oct, 2024

Microsoft, Patch Tuesday, Patch Tuesday Updates

Windows 11 has made its mark in the tech world, and now the latest 24H2 upgrade is here. If you’re considering this upgrade, you’re asking, What does Windows 11 24H2 offer? Is it worth the effort to upgrade? Let’s dive into what this Windows 11 update entails and how to guarantee a smooth transition.

What’s New in the Windows 11 24H2 Update?

Windows 11 24H2 brings a mix of performance, security, and usability enhancements. Here’s a closer look at the most significant changes and what they mean for everyday users and IT professionals.

1. Performance Improvements

The 24H2 update focuses heavily on system performance, with optimised resource allocation and background processes. This translates to a faster and more responsive user experience.

Faster Multitasking: Smoother window transitions and quicker app launches.
Improved Battery Life: On laptops, you’ll notice extended battery life thanks to more efficient power management.

2. Enhanced Security Features

Security is at the core of Windows 11, and 24H2 takes it up a notch. Here’s what’s new:

Stronger Ransomware Protection: The update includes advanced ransomware protection to safeguard your files.
Enhanced Multi-Factor Authentication (MFA): Streamlines the MFA process for individual users. It also benefits business users. This approach improves security without compromising on ease of use.
Windows Defender Integration: Deepened integration with Windows Defender provides more robust real-time protection against malware and phishing attacks.

3. User Interface and Native Apps Enhancements

The Windows 11 interface has been further refined in 24H2, making daily use more enjoyable and efficient:

Customisable Start Menu: Now you can personalise your Start Menu layout to fit your workflow.
Updated File Explorer: The new File Explorer includes improved tab management. This enhancement makes it easier to navigate multiple folders without opening several windows.

4. AI-Powered Features

AI integration continues to grow within Windows 11. 24H2 offers smarter assistance for multitasking and search functionalities. It gives users a more tailored experience.

5. Hardware Compatibility Check

Windows 11 24H2 has updated its hardware requirements to guarantee optimal performance and security. Before upgrading, check the official compatibility list to make sure your device meets the standards. The new update is designed for the latest chipsets, prioritising speed and security.

How to Upgrade to Windows 11 24H2

Ready to upgrade? Here’s how to continue:

Backup Your Data: Save your files using cloud storage or an external drive before an upgrade.
Run Windows Update: Navigate to Settings > Update & Security > Windows Update. If 24H2 is available, you’ll see a choice to download and install. Remember, Microsoft rolls out updates in stages, so don’t panic if it doesn’t right away.
Install the Update: Follow the on-screen prompts to finish the upgrade process. This takes some time, depending on your system’s hardware.
Post-Upgrade Checks: After upgrading, review your settings, preferences, and application functionality to ensure everything is running smoothly.

What If You’re Not Ready to Upgrade?

Not quite ready to jump on the 24H2 bandwagon? No problem. You can defer the upgrade by heading to Settings and managing the Windows Update options. Keep in mind, though, that older versions of Windows 11 will eventually reach their end-of-support dates. This will leave your system without crucial security updates.

Is Windows 11 24H2 the Right Move for You?

The Windows 11 24H2 update offers a suite of improvements, especially in performance and security. For those with newer hardware and a focus on security, it’s a no-brainer. Yet, if your system is older, you should consider the potential challenges. Specific applications face compatibility issues. Consider delaying the upgrade until you have thoroughly prepared.

Upgrading to 24H2 isn’t mandatory just yet. Still, staying current ensures you gain from the latest features. You also enjoy the protections Microsoft has to offer. Whatever you decide, some preparation will go a long way in ensuring a smooth transition.

And of course our expert team at Equate Group are always here to help.

Noel Bradford 11, Sep, 2024

Microsoft, News, Patch Tuesday

Microsoft’s September 2024 Patch Tuesday update has just arrived, addressing 79 vulnerabilities across a range of services and applications, including four zero-day exploits currently active in the wild. These vulnerabilities pose immediate risks to users, so patching them should be a top priority for all IT professionals.

Key Zero-Day Vulnerabilities

CVE-2024-38014: This critical Windows Installer vulnerability allows attackers to elevate their privileges without user interaction. It can be particularly dangerous when combined with other flaws that provide access to a system.
CVE-2024-38226: A security bypass flaw in Microsoft Publisher that allows attackers to exploit Office macro policies. This zero-day is being actively exploited to run malicious code.
CVE-2024-38217: A vulnerability in Windows’ Mark of the Web (MoTW) feature, which attackers can exploit to bypass key security checks like SmartScreen. This leaves systems vulnerable to malicious files downloaded from the web.
CVE-2024-43461: A spoofing flaw in Windows MSHTML that allows attackers to impersonate legitimate services and execute malicious code.

Why It Matters

The nature of these vulnerabilities, particularly the zero-days, makes them critical to address immediately. The affected software spans many essential Microsoft products, including Office, Azure, and core Windows services like Installer. Ignoring these patches leaves systems at risk for privilege escalation attacks, where attackers gain elevated access, or for remote code execution, which can lead to a full system compromise.

Besides the four zero-days, the remaining 75 vulnerabilities are just as concerning, covering areas like SharePoint, Power Automate, and Windows kernel. The potential for exploitation across these varied systems shows how diverse and far-reaching the threat landscape is, especially for enterprises reliant on Microsoft technologies.

What Is Exploit Wednesday?

The day after Microsoft’s Patch Tuesday—often dubbed Exploit Wednesday—is infamous in the cybersecurity world. While Patch Tuesday is when the fixes for vulnerabilities are released, Exploit Wednesday refers to the day when attackers often begin targeting the newly disclosed vulnerabilities, especially those that haven’t been patched yet. As soon as vulnerabilities are made public, malicious actors will rush to develop exploits, knowing that many organisations won’t have applied patches immediately.

For the layperson, Exploit Wednesday can be thought of as a race between attackers and defenders. On one side, hackers work to exploit the vulnerabilities revealed the day before, while on the other, IT teams scramble to apply the patches to prevent these exploits from being successful. If you haven’t patched your system by Wednesday, you’re essentially rolling the dice and hoping that your organisation isn’t targeted.

This race between attackers and IT administrators is why Patch Tuesday isn’t just an event for the security industry—it’s crucial for any business or individual using Microsoft products. By understanding and applying these updates quickly, you reduce your risk of becoming the next victim of cybercrime.

What You Should Do

Deploy Patches Immediately: These vulnerabilities, especially the zero-days, need to be addressed urgently. Ensure that all updates are applied across your network.
Prioritise Critical Systems: Focus on systems that are most at risk, particularly those utilising SharePoint, Windows Installer, and Microsoft Office, as these have been directly affected by zero-day vulnerabilities.
Monitor for Exploit Attempts: Even after patches are applied, monitoring systems for any signs of attack or unusual behaviour is crucial. Threat actors may have already exploited the vulnerabilities before patches were deployed.

By acting quickly and proactively applying these patches, you’ll protect your organisation from being compromised by these vulnerabilities. Microsoft has provided the necessary tools—now it’s up to businesses to ensure they’re used effectively.

For full details on the updates, refer to Microsoft’s official Patch Tuesday update notes

6 Station Approach
Wendover
Aylesbury
Buckinghamshire
HP22 6BN

[email protected]
0345 125 5400

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

October 2024 Patch Tuesday: Critical Security Updates and Zero-Days