Even Old Windows Server Machines Can Fend of Hacks

Windows Server 2003

 

Microsoft wants you to upgrade your business onto the latest Windows OSes that offer security patches because, if you’re running a Windows Server 2003 machine, you’re doomed.

Sound advice, but many large institutions (such as those in healthcare and manufacturing) can’t upgrade because they rely on legacy software that won’t run on modern operating systems.

It costs an enormous amount to upgrade, especially when the machines are fine and it’s just the Server that’s the issue.

However, all is not lost because there are some things you can do to keep your old Windows Server 2003 secure.

Network segmentation and monitoring

Network segmentation goes beyond placing vulnerable servers behind a firewall.

By restricting access to your most critical servers, and making sure only system admins can control them, you’re reducing the network hackers can access should they breach your firewall.

It’s not a costly exercise, and Enterprise internet routers often have access control features that can limit which computers can talk to what. It’s also wise to monitor vulnerable servers (especially if carrying critical information) for any unusual traffic.

Application whitelisting

Whitelisting works by allowing only trusted applications to run on your computer.

It’s the opposite approach to antivirus products that blacklist malicious programs based on known indicators.

Backup sensitive data

Hopefully, you’re already doing this, but backing up important data stored in your machines will help. Particularly with the growing popularity of ransomware that infects your computer and encrypts all the data within it, which will only be freed once a ransom is paid.

The best option

Although these ideas will help, the best solution is still to upgrade.

Yes, it will be costly in the short-term, but that investment will help the long-term security of your data and reputation of your business.

MPM Computer Consultancy provides IT Services, Support and Training to sole traders and small businesses in Ipswich. Bury St Edmunds and surrounding villages.

Source: pcworld

Microsoft’s Monthly Rollup Updates

Windows monthly rollup updates

 

You may have noticed that since October 2016 Microsoft introduced monthly rollup updates for Windows 7 SP1 and Windows 8.1.

Why?

Well, according to Technet it’s because:

“Historically, we have released individual patches for these platforms, which allowed you to be selective with the updates you deployed. This resulted in fragmentation where different PCs could have a different set of updates installed leading to multiple potential problems:

  • Various combinations caused sync and dependency errors and lower update quality
  • Testing complexity increased for enterprises
  • Scan times increased
  • Finding and applying the right patches became challenging
  • Customers encountered issues where a patch was already released, but because it was in limited distribution it was hard to find and apply proactively

By moving to a rollup model, we bring a more consistent and simplified servicing experience to Windows 7 SP1 and 8.1, so that all supported versions of Windows follow a similar update servicing model. The new rollup model gives you fewer updates to manage, greater predictability, and higher quality updates. The outcome increases Windows operating system reliability, by eliminating update fragmentation and providing more proactive patches for known issues. Getting and staying current will also be easier with only one rollup update required. Rollups enable you to bring your systems up to date with fewer updates, and will minimize administrative overhead to install a large number of updates. (Note: Several update types aren’t included in a rollup, such as those for Servicing Stack and Adobe Flash.)” (Technet)

Now, as a user, you will get a monthly rollup that addresses both security issues and reliability issues in a single update.

Sounds OK, but what about this single monthly update rollup means users don’t have the ability to figure out exactly what fix in the rollup is causing the headache.

Only time will tell how successful this approach is going to be, so we shall continue to monitor the situation.

MPM Computer Consultancy provides IT Services, Support and Training to sole traders and small businesses in Ipswich. Bury St Edmunds and surrounding villages.

Windows Update KB3097877 Crashes Outlook

bad apple windows update

 

Usually, Windows updates make your life easier, but not this time.

Part of the security bulletin MS15-115, which is a critical patch to fix vulnerabilities in OpenType fonts, KB3097877 has turned out to be a bad apple.

There have been numerous reports from Windows 7 users about problems with logging in to Windows, or experiencing crashes in Outlook 2010 and 2013 when viewing HTML emails after downloading the update.

Microsoft hasn’t issued a patch to fix it, instead they’ve reissued it under the same reference (just to confuse everyone), so once you’ve remove it and are offered the same again from Windows Updates, you should be fine.

So how do you get rid of the offending update?

To remove the patch in Windows 7, open the Control Panel, Programs and Features, click “View installed updates” on the left hand side. You can now search for KB3097877, right-click on the appropriate entry and select un-install.

Alternatively, and perhaps preferably (especially if you’re actually able to login to Windows) simply check for Windows Updates again. If KB3097877 is available with a date of 12/11/2015 then install this and reboot again.

MPM Computer Consultancy provides IT Services, Support and Training to sole traders and small businesses in Ipswich. Bury St Edmunds and surrounding villages.