Microsoft have released information regarding a critical server vulnerability that is caused by the Print Spooler service. As of yet, there is no patch available and there is known working code in the wild that can exploit it.
If exploited, a remote user could gain full control of a domain controller and customer network causing untold havoc and financial damage.
There are a few ways to mitigate this vulnerability which we have already put in place for our clients.
First, if your server does not need to be running the print spooler service, then disable it immediately! This can be done via services.msc
Second, lock down the c:\windows\system32\spool\drivers folder and subfolders. This will prevent a remote user from exploiting this vulnerability. Here is the powershell code to do this:
$Path = “C:\Windows\System32\spool\drivers”
$Acl = (Get-Item $Path).GetAccessControl(‘Access’)
$Ar = New-Object System.Security.AccessControl.FileSystemAccessRule(“System”, “Modify”, “ContainerInherit, ObjectInherit”, “None”, “Deny”)
Set-Acl $Path $Acl
This code will add SYSTEM as a DENY permission to the c:\windows\system32\spool\drivers folder and subfolders.
Identify theft is on the rise, and the most modern way of doing this is via your e-mail account. What used to be a simple but efficient tool for you to send messages is now the hub of your life especially when it comes to your personal information. What happens if you forget your bank account password? A reset e-mail gets sent to your inbox for verification. What happes when you forget your Amazon password? A reset e-mail gets sent to your inbox for verification. So what if someone had access to your inbox and could also request these password resets on your behalf? And then delete any trace of them doing so? The results are scary to think about.
In the business world, many companies have been a target of e-mail phishing scams which entice a user to a fake website where they enter their Office 365 username and password. At this point, the hackers have full access to your e-mail account, your life and potentially your whole business. More recently sophisticated scammers have been taking this a step further. They have waited and analysed your e-mail traffic to find out all the details of how your business runs, in particular, who is the Managing Director and who is the Finance Director. They then carefully wait until the Managing Director is away on holiday and send an e-mail pretending to be him directly to the Fianance Director asking for an immediate transfer of money to a particular bank account. Unfortunately, many businesses have fallen for this scam.
How can you protect yourself and your business from this kind of attack?
Imagine you locked your house door but that other people had access to your key. It would be easy for them to break in and take your belongings. If you had MFA (Multi-Factor Authentication) or 2FA (2-Factor Authentication) on your house, it would be like someone trying to open your front door with a key but in order to turn the handle a text message gets sent to your mobile phone or secure app on your phone asking permission first. This extra layer of security is vital in protecting your valuable data.
Office 365 allows you to configure MFA or 2FA on your e-mail accounts. Once activated, you will be prompted to setup the second layer of authentication either by receving a text message, phone call or via a secure app.
If you have been the target of one of the scams or would like assistance in setting up MFA / 2FA on your Office 365 accounts, please contact us on 01522 282120 or via email@example.com
You may have heard about the ever increasing Ransomware/Cryptolocker virus attacks that have been causing damage to individuals and businesses. Once the virus is on your machine, it will encrypt all of your files (including any network drive files) and then demand a ransom to retrieve your files back. In most cases, even if the ransom is paid you will still not get your files back. The only way to retrieve them is to rely on your backup system.
There are two main methods that this virus can infect your machine/network.
1. Spam e-mail with an infected attachment or hyperlink
2. Browsing an infected website
We would urge all of our clients to use extra caution when receiving e-mails with attachments or links, even if they appear to come from a legitimate source or from someone you know. If you’re not expecting an e-mail attachment, please do not open it! If you’re unsure, then contact the person who sent you the attachment first before opening it, just to be on the safe side. A lot of these e-mails pretend to come from legitimate companies such as HMRC.
Make sure that your anti-virus program is up-to-date. But please be aware that no anti-virus program can offer you 100% protection against these types of attacks. This is why extra vigilance is required.
We hope that this problem never affects you or your business but if it does, don’t hesitate to contact us.
We are currently expanding our on-site service area to cover not just Lincolnshire, but also Nottinghamshire and the surrounding areas, Newark, Mansfield, Grantham and Sleaford.
If you are based in one of those areas, please contact us to see how Lincoln IT Solutions can help your business.
www.lincolnitsolutions.co.uk | 01522 282120
Welcome to our new IT Blog! Please check back soon for the latest news and updates from Lincoln IT Solutions Ltd. Also coming soon will be FREE hints and tips to help you with your home PC!