1

SECURE IT ALERT: Microsoft Patch Tuesday Brings Critical Office Updates

Secure IT Alert Header

Homeland Secure IT Alert

Homeland Secure IT Alert for Wednesday, Nov 10, 2010

Welcome to another exciting episode of Microsoft Patch Tuesday! In this batch of updates, Microsoft has focused on critical vulnerabilities in Microsoft office.  I have included WatchGuard’s description of the updates below since it is a LOT more understandable than the Microsoft version.

If you require any assistance with these or other security updates for Microsoft Windows, Office, Server etc in the Greenville or Upstate SC area, please contact us at 864.990.4748 or email info@homelandsecureit.com. We are a Microsoft Small Business Partner and provide computer service, repair, support, consultation and sales.

Two Office Security Bulletins Fix Seven Vulnerabilities

Severity: High

9 November, 2010

Summary:

  • These vulnerabilities affect: Most current versions of Microsoft Office, and the components that ship with it
  • How an attacker exploits it: Typically by enticing one of your users to open a malicious Office document
  • Impact: In the worst case, an attacker executes code on your user’s computer, gaining complete control of it
  • What to do: Install Microsoft Office updates as soon as possible, or let Microsoft’s automatic update do it for you

Exposure:

As part of today’s Patch Day, Microsoft released two security bulletins describing seven vulnerabilities found in components that ship with most current versions of Microsoft Office for Windows and Mac.

The vulnerabilities affect different versions of Office to varying degrees. Though the seven vulnerabilities differ technically, and affect different Office components, they share the same general scope and impact. By enticing one of your users into downloading and opening a maliciously crafted Office document, an attacker can exploit any of these vulnerabilities to execute code on a victim’s computer, usually inheriting that user’s level of privileges and permissions. If your user has local administrative privileges, the attacker gains full control of the user’s machine.

According to Microsoft’s bulletins, an attacker can exploit these flaws using many different types of Office documents. In one bulletin, Microsoft specifically states PowerPoint documents are vulnerable. However, they also mention any “Office files” in their other alert. Therefore, we recommend you beware of allunexpected Office documents.

If you’d like to learn more about each individual flaw, drill into the “Vulnerability Details” section of the security bulletins listed below:

  • MS10-087: Five Office Code Execution Vulnerabilities, rated Critical
  • MS10-088: Two PowerPoint Code Execution Vulnerabilities, rated Important

Solution Path

Microsoft has released patches for Office to correct all of these vulnerabilities. You should download, test, and deploy the appropriate patches throughout your network immediately, or let the Microsoft Automatic Update feature do it for you.

MS10-087:

Note: Office 2004 and 2008 for Mac are also vulnerable to these flaws, however, Microsoft has not created a updates for these Mac versions yet.

MS10-088:

PowerPoint update for:

Note: Office 2004 for Mac is vulnerable to these flaws, however, Microsoft has not created an update for this Mac version yet.

For All WatchGuard Users:

While you can configure certain WatchGuard Firebox models to block Microsoft Office documents, some organizations need to allow them in order to conduct business. Therefore, these patches are your best recourse.

If you want to block Office documents, follow the links below for video instructions on using your Firebox proxy’s content blocking features by file extensions. Some of the file extensions you’d want to block include, .DOC, .XLS, .PPT, and many more (including the newer Office extensions that end with “X”). Keep in mind, blocking files by extension blocks both malicious and legitimate documents.

Status:

Microsoft has released Office updates to fix these vulnerabilities.

References:

This alert was researched and written by Corey Nachreiner, CISSP.

Homeland Secure IT Alert Footer

Homeland Secure IT Alert

G-20 Summit is latest spam attack subject

A post today on Trend Micro’s TrendLabs Malware blog pointed out how spammers will use the upcoming G-20 Summit as a way to distribute their content.

It works like this: The spammer sends emails out, they appear to come from the Japanese finance ministry and contain comments on issues related to the Summit.

Should you click on the link, it will lead to a .ZIP file, and when that is run, it opens a Word document which helps cover its tracks so that it does not appear to be malicious… Trend explains that what REALLY happens is that a malicious file is contained in the payload, and the registry is modified so that it is run at startup.

Trend Micro Worry Free Business Security Advanced and ScanMail as well as other Trend Micro products successfully detect this as the appropriately named “TROJ_DROPPER.WTH” and stops it before it gets into your system.  The actual malicious file is detected as “TROJ_AGENT.JAAK”.

This is nothing new, every major news-worthy event for the past few years has served as a transport mechanism for various malware and spam messages. If a spammer uses “US President Attacked” as a topic, chances are good, if the from address looks legitimate that a large percentage of people will open it. If that message contains ONLY spam, then at the very least, thousands or tens of thousands of people have just seen their ad about some product or another.  If it contains a link to a malicious site, many will follow that link if it looks enticing.

As always, use common sense, and be sure to employ some form of mail system protection. We recommend Trend Micro WFBS Advanced for small businesses like our own.

If you would like additional information about Trend Micro’s security products, or how you can stop or at least cut down on spam that affects your Microsoft Exchange Server, email us at info@homelandsecureit.com or call 864.990.4748. We offer Greenville and Upstate businesses free consultations, and we can help reduce your spam and mail issues!

Thinking about starting a business in the Upstate? Check out this free seminar…

I thought I would pass on some information about a seminar that may be of help to you if you are considering starting a business of your own….

If you have thought about owning your own business – then come to our FREE seminar on November 9th from 6:30-7:30 pm at 1268 Woodruff Road in Greenville.  Learn about new ways to finance a business, hear from a SBA lender, and see what the Clemson Small Business Development Center offers.  Reserve your seat today on-line at:

http://www.franchisemart-upstatesc.com/franchise-seminars/

This information comes courtesy of Curtis Harper at Transworld Business Advisors (formerly Franchisemart / Biz1Brokers).

Curtis and Transworld Business Advisors do three things, and they do them very well:

If you are wanting to sell an existing business or buy one, Curtis can help with that, as he is a broker…

How about starting up a franchise? Yep, he does that too! They have quite a selection of ready-to-go businesses that allow them to help determine the right business for you, and then it is almost plug-and-play. Franchises are attractive because you aren’t starting from scratch, you don’t have to develop business processes, source every single item or product, etc.

The last thing that Curtis can help you with is taking your existing business to the next level and actually franchising it! Imagine you have a quaint deli that has a following, and you have kind of maxed out the potential income from one location, but the costs of starting up a second location and more importantly, the manpower (There’s only so much of you to go around) make it unfeasible to do. You could potentially franchise your business and open the doors for growth.

For more information, contact Curtis directly:

www.Franchisemart-upstatesc.com

www.Biz1Brokers-upstatesc.com

Transworld Business Advisors / Franchisemart
1268 Woodruff Road
Greenville, SC 29607
(864) 991 8400
2

Trend Micro Worry-Free Business Security 7.0 is here! Adds Mac Protection & More!

Trend MicroOur number one selling security software to protect small business servers, endpoints (desktops), mobile notebook computers, and Microsoft Exchange email is Trend Micro Worry-Free Business Security Advanced. There’s a good reason for this… Our clients get the most bang for the buck from this product! It even filters SPAM!

Trend Micro products always rank in the highest levels of anti-virus protection, but just as important is the fact that the Trend Micro agents do not slow your computers down like many other products…

Now Trend Micro has taken an already incredible product and turned it up to 11! (sorry for the “This is Spinal Tap” reference).

Worry-Free Business Security v7.0 does everything the previous v6.0 did, and much more.

The following new features and enhancements are provided with version 7.0 of Worry-Free Business Security.

What’s New in v7.0

Version 7.0 of Worry-Free Business Security provides the following new features and enhancements:

o    Mac Client Protection (Advanced only) And YES, your Macs need protection too!

o    Data Loss Prevention via email templates (Advanced only): data loss prevention content filtering policies prevent sensitive information from being distributed outside the network

o    Device Control: regulates access to USB devices and network resources (Frequently asked for by businesses)

o    Customized Installation: install only needed components (Cuts down on install size dramatically)

o    Enhanced URL Filtering: including Flexible business hour settings and a separate block list from Web Reputation (Many businesses are using this to control their user’s browsing and bandwidth hogging with great success!)

o    Enhanced ScanMail for Exchange Support (Advanced Only); supports Microsoft Exchange Server 2010 (Say goodbye to spam and viruses in email)

o    Web Reputation Filter: scans URLs in email messages and takes a configurable action when detecting malicious URLs. This feature is separate from spam filtering. (This stops the number one way people are becoming infected)

o    Email Reputation Services Filter: helps block spam and malicious emails by checking the IP addresses of incoming emails against one of the world’s largest email reputation databases as well as a dynamic reputation database. It helps to identify new spam and phishing sources and stop even zombies and botnets as they first emerge. (Many businesses claim better success with Trend than with Barracuda and other spam firewall appliances)

o    Simpler and easier Security Agent user interface

o    Easier replication amongst WFBS servers

o    Enhanced blocked page with clear explanation and continue browsing option (Again, helps control those bad websites)

If you are a current subscriber to Trend Micro WFBS, this is a FREE upgrade, the only expense would be for a computer service professional to handle the install and configuration if you do not have your own IT staff.

Those who are not using Trend Micro products will be pleased to find that there is a “Competitive Upgrade” available that will let you transition from McAfee, Symantec, etc. If you are buying Trend Micro for the first time, and not renewing, there are some current specials for you too, such as the Three Years for Two campaign, letting you pay for two years and get a third year for free.

Please call us at 864.990.4748 or email info@homelandsecureit.com for pricing for your business. We also offer installation, configuration and support in the Greenville / Upstate, SC area. Should you become infected, our virus removal and cleanup service is fast & affordable.

Get $100-$500 through the Microsoft Business PC Reward by buying Windows 7 computers!

Here’s a deal for your company….   Buy some new computers, get a reward, from Microsoft!

This applies to business computers and notebooks we offer from Seneca Data / NexLink, so if you are purchasing them, you should be golden!    I have included the FAQ from Microsoft below for your reading enjoyment:

Q: Who is eligible to participate in this Reward offer?
A: This Reward Offer is valid only for customers within the Unites States purchasing: a minimum of two (2) eligible PCs preinstalled with Genuine Windows 7 Professional. Not all versions of Windows qualify, so please ensure your PC comes preinstalled with the English version of Windows 7 Professional, 32-bit or 64-bit.

Q: What are the eligible Reward offer dates?
A: Purchases of eligible PCs preinstalled with Genuine Windows 7 Professional must be made between November 1, 2010 and including January 31, 2011. Reward request(s) must be submitted before midnight (11:59 pm) EST on March 18, 2011.

Q: Which PC Manufacturers are not eligible for this offer?
A: The following PC Manufacturers, regardless of where purchased, are not eligible for this offer:

Q: When can I submit a Reward request?
A: Reward requests will be accepted up to 11:59 EST on March 18, 2011. To be considered valid, the customer invoice provided by the participant must show that eligible PCs preinstalled with Genuine Windows 7 Professional were purchased between November 1, 2010 through and including January 31, 2011.

Q: What do I need to provide to submit a request?
A: You will need to provide as your proof of purchase for each eligible PC you purchased:

  • The PC brand(s).
  • The associated Windows 7 Professional license 25-character product keys.
  • A copy of your sales receipt or order confirmation that clearly shows the date, the reseller name you purchased your eligible PCs preinstalled with Windows 7 Professional from, and the brand name(s) of the PCs you purchased. Each receipt must show at least 2 eligible PCs.

A separate submission form is required for each reseller you purchased eligible PCs from. You cannot redeem rewards for PCs purchased from multiple resellers on a single submission form. Each redemption form must be sent in a separate envelope.

Q: How many Rewards can my company receive?
A: The maximum amount of approved Rewards per Qualified Organization is $500 USD for 10 licenses. The $500 maximum in Rewards per customer sale is in effect regardless of whether the maximum was reached through one transaction or multiple transactions, as a long the minimum Rewards request is $100 for two (2) licenses.

Q: What if I do not have the product key for the eligible preinstalled Windows 7 Professional?
A: You cannot make a Reward Request without the product key. The product key will be in the format12345-12345-12345-12345-12345 and include letters and numbers. The Product Key is on the Certificate of Authenticity and will clearly label the product as a Windows 7 Professional OEM license type.

Q: Where can I find my product key?
A: Your product key is on the Certificate of Authenticity sticker affixed to your PC. Click here for more information. If you are having difficulty locating your product key, please see your reseller.

Q: How will the product key be validated?
A: The fulfillment vendor will validate each product key using a Microsoft key check tool. If the product key is not valid, or does not match the eligible preinstalled Windows 7 Professional, the request will be denied.

Q: Is there a minimum purchase to qualify for the Reward?
A: Yes. You must purchase a minimum of 2 eligible PCs preinstalled with Genuine Windows 7 Professional to receive a reward.

Q: How will the Reward be issued?
A: The Reward will be sent to you in the form of a check in US funds payable to the Partner name provided when you submitted the Reward Request. The check will be mailed to the company address you provided.

Q: What if my request is rejected?
A: You will be contacted with the reason for the rejection.

Q: How long will it take to process my Reward request?
A: Every effort will be made to process your Reward Request as quickly as possible; however, we ask that you please allow six to eight weeks for the complete processing of any request.

Q: Can I contact someone if I have questions?
A: Yes. Please call 1-800-622-4445.

If you would like to purchase a new computer workstation or notebook (or server), please contact us at 864.990.4748 or email info@homelandsecureit.com. We offer business computer sales, service, support, repair and consultation in Greenville and Upstate SC.

Trend Micro Competitive Upgrade makes switching anti-virus more attractive!

Trend Micro Anti-Virus, Anti-Spam, LogoIs your business currently using Symantec, McAfee, Microsoft or Kaspersky for corporate anti-virus protection?

If so, and you are unhappy with the current level of protection and would be interested in trying Trend Micro but the cost has been prohibitive, then maybe the Competitive Upgrade offer will encourage you to make the move!

Trend calls their program “Competitive Displacement”, and should you be using one of the aforementioned security suites, then you qualify for the discounted price. How much of a discount? A large one,  over 10 dollars per seat on Trend Micro Worry Free Business Security Standard!

These updates apply to the following Trend Micro products: Worry Free Business Security (both Standard & Advanced),  Worry-Free Business Security Services, Hosted Email Security, Hosted Email Security-Inbound Filtering, Scanmail Suite for Microsoft Exchange (SMEX Suite), Scanmail for MS Exchange Suite with Email Reputation Services, Scanmail Suite for Lotus Domino, Enterprise Security for Endpoints (Advanced), Enterprise Security for Communication and Collaboration Suite, Enterprise Security for Endpoints and Mail Servers, and Trend Micro Enterprise Security Suite.

If you would like more information about Trend Micro anti-virus, anti-malware, anti-spam products, please call us at 864.990.4748 or email info@homelandsecureit.com

We are a Trend Micro Partner and offer complete sales & licensing for a single workstation, notebook or server to thousands! We also offer installation and support in the Greenville / Upstate SC area.

Voting – Nothing to do with Computer Service, or is it?

Today is Election Day!  I hope you voted, or are planning to do so.  If you have, or will then GOOD FOR YOU for exercising your right (and duty).

If you are not planning to vote, then I thank you for trusting in me to make decisions that affect your life! It is an honor and privilege that you would permit me to speak for you… I sincerely hope that I live up to your expectations!!!!!

I won’t get into my political or religious beliefs, but I will say this – I voted for what I believe to be good for my family, my community, our businesses and our future. I focused on what this great country needs, and what is expected of us by God. The founders of the United States also did the same as they laid the framework for what is undoubtedly the most amazing country in the world.

Maybe this has nothing to do with “computer service” here in Greenville, or maybe it has EVERYTHING to do with it. As Homeland Secure IT celebrates a full year in our new office, we are grateful to our friends, family, community, clients and God for allowing us to thrive. We are grateful to the United States for the ability to do what we do, as there is no other place on this planet that allows small business to operate and flourish the way it does in America!

God Bless America!

Don’t forget leasing as an option for your next IT renews

As the end of 2010 draws near, some businesses are planning to refresh and renew tired old hardware such as desktop and notebook computers, as well as servers. Driving the updates are security requirements, new versions of operating systems, company rotation policy, depreciation schedules and more often than not, a need to overcome bottlenecks in performance and insure trouble free operation in the coming year.

Many times a company needs to purchase a new server but liquid capital prohibits them from doing so, and other times, it just makes more sense to purchase based on a lease.

Some benefits to leasing include:

  • Fair Market Value or 10% option – This option allows for a customer to have the choice to purchase or return the equipment at the end of the original term AND deduct the payments as a monthly operating expense. Upgrade equipment anytime during the lease with a “Wrap Lease” product or upgrade at the end of the term.
  • $1.00 Purchase Option – This option allows a customer to own the equipment at the end of the term for $1.00 and deduct payments over five years on a depreciation schedule or deduct all in one year under IRS Section 179. Upgrade options are still available with this program.
  • Equipment Finance Agreement (EFA) – This allows the customer to retain full ownership of the equipment from the inception of the contract. It is tax deductible under a five year depreciation schedule or under IRS Section 179. This product has unique advantages for the customer who will most likely want to exercise and early buyout option.

We are happy to be able to offer leasing terms for larger purchases, so if you have a server refresh in your future, a larger scale deployment of desktop or notebook computers, etc, call us at 864.990.4748 or email info@homelandsecureit.com for more information.

SECURE IT ALERT: FireSheep is proof of concept why public unencrypted Wi-Fi is dangerous

 

Secure IT Alert Header

Homeland Secure IT Alert

Homeland Secure IT Alert for Saturday, October 30, 2010

 

FireSheep add-on for Firefox browser is proof-of-concept why you should NOT use public / unencrypted Wi-Fi to access without extreme caution.

Last week, a tool was released that makes it possible for anyone to easily hijack your web sessions from within a browser view. When I say anyone, that means anyone. It has always been possible to do this, but this tool is so easy to use, a child could do it, or is that a caveman could do it?  Either way, once the browser extension is installed, the hacker can see a list of everyone using the public unencrypted Wi-Fi network he/she is on and what sites they are on.

The person can see in a browser sidebar WHO is logged into Facebook, Google, Twiter, Dropbox, WordPress, Evernote, Amazon, Flickr, etc, and then they simply click on your session to be logged in as you. Yes, they become YOU…  It works because it hijacks your cookie which is sent in the clear.

So think twice before you log into some site via public enencrypted Wi-Fi!!!

What can you do about this?  Good quesiton.

Option 1: Avoid public unencrypted Wi-Fi, defeating the purpose of having easy access, but offering you the highest level of protection.

Option 2: Only use sites that offer SSL/Secure logons – Actually this is sketchy because to sign into the “secure” section of most sites, the session info is still sent in the clear, so be careful.

Option 3: Use a VPN back to a gateway at your office. This insures all your traffic is encrypted.

Option 4: Try information that is available here: Force TLS

It doesn’t matter whether you are using Microsoft Windows, Apple Mac OS X, Linux, etc, this is not a *bug*, it is the nature of the beast.

Be careful out there….    If you have any questions or need assistance, please call us at 864.990.4748 or email info@homelandsecureit.com.

Homeland Secure IT Alert Footer

Homeland Secure IT Alert