Security Bulletin: Update available to patch vulnerability in Ruckus wireless access points

A Ruckus vulnerability quietly announced in February received more attention last week when the U.S. Cybersecurity and Infrastructure Security Agency (CISA) gave U.S. federal agencies a deadline of June 2 to secure their wireless access points (WAPs) against the critical CVE-2023-25717 RCE bug.

If remote web admin access is enabled for Ruckus WAPs, attackers can use malicious code to add these devices to a network designed to launch distributed denial-of-service (DDoS) attacks against other targets.

Ruckus already has patches available for a long list of devices (including devices that are end-of-life but may still be in use).

What’s really going on?
First of all — if you are not using Ruckus WAPs, this security bulletin does not apply to you.

Second, for most office and home networks, WAPs cannot be accessed from the internet, only from within a local network, so the risk here is lower. A hacker would need to be physically present in your office, connected to WiFi or ethernet, to reach your WAPs or wireless controllers. Generally, that’s just not how vulnerabilities like this are exploited. But, to be safe, we still recommend patching these devices to maintain the highest level of security.

In some cases, however, in order for administrators to manage the wireless network remotely, Ruckus has an interface enabled that can be accessed from outside the local network. When this is the case, the vulnerability in question is much more critical because it can be exploited by remote actors, and should be patched right away.

Best Practices
To prevent botnet malware infections on any network device, firmware updates should be applied regularly, admin passwords should be strong and unique, and remote admin panel access should be disabled.

Macktez Network Management reports on device status to help identify potential vulnerabilities before they cause problems. Ongoing monitoring of network infrastructure better equips us to respond to service outages, hardware failures, and security vulnerabilities when they do occur. Manual tasks are grouped together and performed on a scheduled, recurring basis, efficiently ensuring that automated tools are working properly. If your organization would like this same protection, email Macktez and we can meet to discuss your needs.

Security Bulletin: Critical Microsoft Outlook exploit requires immediate security update

Microsoft has released security updates for Windows and Outlook that all users should apply immediately, as they address several critical security vulnerabilities that have already been exploited by Russian hackers.

If your organization’s computers are enrolled in Macktez Workstation Management, we were able to ensure that all PCs were up to date. Macktez even remotely rebooted computers that still needed a restart in order to apply the security patches.

If your organization’s computers are not enrolled in Macktez Workstation Management, you should apply updates right away to make sure that Windows and Outlook are current.

– Select Start > Settings > Windows Update.

– Then select Check for updates.

– If updates are available, choose to install them.

Or go to this Microsoft Support page and click the “Check for updates” button.

https://support.microsoft.com/en-us/windows/get-the-latest-windows-update-7d20e88c-0568-483a-37bc-c3885390d212

If you need any help with this or have any questions, please email us to let us know what the issue is.

In addition, if your mail provider is Microsoft 365, Macktez is available to run a script that checks accounts to see if this vulnerability has been exploited at your organization.

What’s really going on?

The vulnerability allows hackers to send you a specially-formatted email or calendar invite that can share an important part of your Windows internal password management tool. This, in turn, can allow hackers to try for more targeted attacks.

The exploit appears to have been used by state-sponsored hackers in Russia against targets in Ukraine for at least the past year. If you are not involved in that conflict, it is highly unlikely that your organization has been targeted. But now that Microsoft has announced the vulnerability, bad actors everywhere are aware of it and have likely already started trying to use it against unpatched systems.

Note: macOS, iOS, and Android versions of Outlook do NOT have the same vulnerability.

Best practices

Microsoft regularly updates Windows and other Microsoft applications on the second Tuesday of every month (“Patch Tuesday”). Not all updates are as critical as this month’s, but they are all important and recommended — you should keep automatic updates on and restart your computer at least weekly to make sure that patches are fully applied and your system is current.

Macktez Workstation Management provides a core set of tools on end-user computers that allow us to manage software patching, antivirus and malware protection, and standard security policies such as screen lock and local encryption. Our clients with workstations enrolled in this subscription are guaranteed to have the latest security updates already installed, and this week we were able to issue a reboot command to any workstations that hadn’t yet completed the latest updates. If you’d like your organization to have the same protection, contact us and we can meet to discuss your options.

Security Bulletin: Goto / LogMeIn Security Breach

If you or your organization is using LastPass or other Goto services, please contact Macktez right away so we can review your security profile and address any vulnerabilities.

The full context of a 2022 security breach at Goto — the parent company of LastPass, LogMeIn, and other services — continues to broaden in scope. In addition to the serious breach of LastPass reported in November and December, this week Goto revealed that encrypted backups related to certain services, including LogMeIn Central, were removed from Goto storage along with “an encryption key for a portion of the encrypted backups.”

Macktez does not use LastPass, nor does it manage any backups through LogMeIn Central. But Macktez has used LogMeIn as a tool to remotely access client computers for years, so it is important that we consider the implications of this service being mentioned in Goto’s incident response.

After review, we are confident that no client workstations are vulnerable to unauthorized access through Macktez’s LogMeIn account.

Our threat assessment is based on the following:

– All LogMeIn users on Macktez’s account — including clients who need remote access to their own workstations — have multi-factor authentication (MFA) enforced as an added protection against a password breach.

– Any remote workstation credentials saved by LogMeIn users are saved only locally, so would not have been exposed in Goto’s security breach.

– Goto has forced all LogMeIn users to update their Goto password and MFA this week out of an abundance of caution, mitigating any possible exposure of passwords or MFA keys.

Goto’s incident response and discovery may not yet be finished, and we will continue to monitor the situation closely. But based on our specific use of Goto’s services and the security precautions mentioned above, we consider Macktez’s position, and access to our clients’ workstations, to be secure.

macOS Ventura App Compatibility Issues

(Last Updated: 2/6/2023)
On January 22, Apple began assertively pushing the upgrade of macOS to Ventura to all end users, regardless of any deferrals implemented by IT Teams due to existing app incompatibility issues. As a result, Macktez had reduced access to the software update panel temporarily for our Managed clients to delay the upgrade while we gathered more information.

We have found that the issues with common applications (particularly Adobe Creative Cloud and Malwarebytes) are minor at this point. As such, this Friday afternoon, 2/10, we are removing the delay to these pushes to end users and allowing end-user-based upgrades to Ventura.

If you’re ready to take the plunge and allow Ventura updates within your organization, proceed with caution, knowing that some minor features within Adobe Creative Cloud and other third-party software still may not work as expected (so far we’ve found issues involving automatic CC updates). RoaringApps is a site that tests macOS compatibility with popular software, which you can search and review for compatibility information about any specific software your company uses.

If issues do arise, or if you’d like assistance with the upgrade, please email support@macktez.com to let us know, and we can provide assistance.

Macktez Security Updates: macOS Monterey 12.6.1 and Ventura 13

(Last updated 10/31/2022)
Apple released a couple of very important updates this week, and we’re reaching out today to provide information and guidance around those. The Team here at Macktez is working hard to keep your computers up to date and secure while maintaining reliable access to the software that helps your business operate smoothly with minimal downtime. As such, we take a conservative approach to major upgrades so we can evaluate any issues, and move forward only when we are confident they are stable.

It is recommended that the Monterey 12.6.1 update be installed, and instructions for doing that are below.

Macktez advises against a Ventura upgrade at this time, because of major security revisions and some third-party software incompatibilities that have yet to be addressed. For clients who subscribe to Workstation Management, Macktez will approve and release the Monterey 12.6.1 security update and delay (temporarily block) the Ventura upgrade. For clients who are not enrolled in the management toolset, caution should be taken regarding Ventura at this time.

If computers are currently running Monterey or Big Sur (or an older OS), here are some tips for updating those systems to the latest version without applying the major Ventura upgrade:

– Go to the Apple menu in the upper left corner and select “System Preferences.”
– Choose “Software Update.”
– Under the Ventura banner, find “Other updates are available,” and click on the tiny blue text under it that says “More Info.”
– In the window that appears, select all items and click “Install now.” Note that the computer will restart, and the full update may cause downtime for an hour or so.

If you’re curious, you can find Apple’s release notes on these updates by clicking the links below.
macOS Monterey 12.6.1 https://support.apple.com/en-us/HT213494
macOS Ventura 13 https://support.apple.com/en-us/HT213488

If you have questions or run into any problems, please email support@macktez.com.

Security Bulletin: Critical macOS Updates

(Last Updated: 8/22/2022)

Apple has released critical security updates this week, and the Macktez release schedule will be tighter than for prior releases. The Managed Services group is releasing those updates for eligible computers as of 8/20/2022, but users are encouraged to manually install at any time prior to the release, when convenient.

Note: If the computer is not yet running Monterey, it can remain on its current macOS version, and you can ignore any notices to upgrade to Monterey.

WHAT YOU NEED TO DO
– If you would like to control the timing of these updates by doing them on your own schedule, go to the Apple menu at the top left of your screen, select System Preferences, then Software Update. Save your work, quit all running applications and let the machine restart. If updates are available, the install can take approximately 45 minutes to an hour.
– If the machine is running Monterey, that is the only update you will see and you can click “Install”.
– If the computer is running an earlier OS, like Mojave, Catalina or Big Sur, you will see “Other updates are available” below the Monterey upgrade box. Click “More info” below that, and install the updates that pop up.
– If the above task is not completed manually, starting today, you will receive a total of 4 prompts (at 24-hour intervals) from Macktez Management to restart your machine. These prompts will show a turquoise logo, and read “Update Requires Restart”. The prompt will disappear after a few minutes, so if you miss it, you will see another one 24 hours later.
– If after the 4th prompt you still have not yet restarted, a disruptive restart will be initiated. This prompt will show a turquoise logo, and read “Mandatory Update”, and you will have approximately 10 minutes to save your work. This may disrupt your workflow for up to an hour, and could result in losing files if you don’t save your work first.

HERE ARE THE UPDATES BEING RELEASED
macOS Monterey 12.5.1, requires a restart
macOS Big Sur 11.6.8, requires a restart
Security Update 2022-005 Catalina, requires a restart
Safari 15.6.1 for Big Sur and Catalina, does not require a restart

Also available, FYI:
iOS 15.6.1 and iPadOS 15.6.1
watchOS 8.7, which can be installed via the Watch app on iPhone

If you have questions or run into any problems, please email support@macktez.com.

Thank you for your attention to this important matter. Macktez is confident that everyone will find these updates very easy to apply.

Bulletin: Windows 11 Upgrade

(Last Updated: 7/12/2022)

Macktez is not releasing a Windows 11 upgrade at this time, but Microsoft has begun automatic installs on compatible computers.

While there is an option to temporarily defer the automatic upgrade, Microsoft has not provided a way to stop it. In order to minimize inconvenience and potential disruption, clients should plan ahead, take control, and designate a time to manually install the upgrade on all affected machines.

This page outlines Windows 11 specs, features, and requirements. Macktez is unaware of any major compatibility issues at this time. However, if you’re concerned about a particular application, please reach out to your Strategist to review together before upgrading.

TO DEFER THE WINDOWS 11 INSTALL
To defer the Windows 11 install, follow the steps below, which will enable a grace period of up to 5 weeks (an Admin login is required to change these settings). Keep in mind, though, that after the selected grace period, Windows 11 will automatically be installed.
– Right-click on the Start menu button on the Windows Taskbar below.
– Select “Settings.”
– From the left panel, click on “Windows Update.”
– You will see a Pause updates option. A drop-down selection menu with options to pause for one week and up to five weeks is to the right. Select the number of weeks you want to stop automatic updates on your PC from the drop-down menu.

TO MANUALLY MANAGE THE WINDOWS 11 INSTALL
To control when Windows 11 is installed so that it does not interrupt work, install it manually.
– Right-click on the Start menu icon on the Windows Taskbar at the bottom.
– Select “Settings.”
– On the left, click on “Windows Update.”
– If updates are paused, click on the “Resume updates” button.
– Under “More options,” click on “Advanced options.”
– On the Advanced options page, make sure that “Receive updates for other Microsoft products” is toggled ON. When this is toggled on, the computer will look for updates for all installed Microsoft software.
– To allow updates to install as soon as they arrive, toggle on “Get me up to date.” Otherwise, set “Active hours,” so restarts won’t occur while the computer is actively in use.
– Click on “Windows Update” at the top of the “Advanced Options” window.
– Click on the “Check for updates” button to begin the update process manually. Future updates will happen automatically.

Note that the computer may need to restart multiple times based on the number of new updates installed. Don’t turn off the computer in the middle of the process and make sure it is plugged in. If the update process is interrupted, it can create file corruption issues that cause errors or even failure to boot.

If you have questions or run into any problems, please email support@macktez.com or call 646.274.0933 (press 0 for Support).

Security Bulletin: Critical Vulnerability in APC Batteries

(Last Updated: 3/25/2022)

A major security vulnerability has recently been identified in network-connected backup batteries made by APC (Schneider Electric).

For more context, a detailed writeup from the firm that discovered this vulnerability can be found here.

Backup batteries are often installed with file servers and network equipment to make sure that these essential devices can remain on during a brief power outage. Connecting these batteries to the network, while not necessary for them to perform their basic function, allows network managers to monitor power-related events and total power consumption of connected equipment.

The vulnerability in question is not likely to be used broadly and most offices will not be in danger unless specifically targeted, but its potential consequences are severe enough that susceptible devices must not be left unprotected.

At Macktez, we are in the process of reviewing our own records to make sure that any impacted clients receive the firmware updates they need to remain protected. We are also asking all Macktez clients to review their network racks and all server equipment to make us aware of any backup batteries we don’t know about.

While reviewing equipment, clients should confirm the following:
– Is there a device in the rack or on the floor near the network or server equipment that other devices are plugged into for power (like a power strip but much more substantial)?
– Does the device have an “APC” logo on the front?
– Is there an attached ethernet networking cable plugged into the back of the device, where power cables are plugged in?

If the answer to all of these questions is “Yes,” please let the Macktez Team know immediately so that appropriate action can be taken. No equipment updates are required if backup batteries are confirmed to have no ethernet cable connected.

Finally, a general reminder for all our clients to be careful about adding any new equipment to office networks. A wide array of “internet of things” and “smart” devices are available and becoming as common in offices as TVs and coffee makers. The new technology is exciting, but the Macktez Team should be informed about all devices connected to the networks we support, including any device able to access the office WiFi. These kinds of devices often have substandard security policies and should be added to the network in a way that keeps all equipment and data safely protected.