How to Protect Your Computer from the Zero-Day Internet Explorer Exploit – UPDATED

How to Protect Your Computer from Zero-Day Internet Explorer Exploit?

On April 26, 2014, Microsoft released Security Advisory 2963983 to notify customers of a vulnerability in Internet Explorer. At this time, Microsoft is aware of limited, targeted attacks and encourage customers to follow the suggested mitigations outlined in the security advisory while an update is finalized.

An attacker could trigger a Zero-Day Internet Explorer exploit through a malicious webpage that the targeted user has to access with one of the affected IE browsers (IE 6 through 11). If the attacker is successful, they can run code in order to gain the same user rights as the current user. This all depends on the loading of a Flash SWF file that calls for a javascript vulnerability in IE to trigger the flaw, which also allows the exploit to bypass the windows ASLR (Address space layout randomization) and DEP (Data Execution Prevention) protections on the target system, exploiting the Adobe Flash plugin. More detail on how these work here. [Read more…]

What happens when you press the XP Panic Button

What happens when you press the XP Panic Button

April 8th 2014 marks the official end of Microsoft’s support for Windows XP. Which means if you haven’t taken the steps to migrate off this dying OS yet, well….you’re panicking (and we don’t blame you – you’re putting your whole organization at risk).

Whatever prompted the decision to wait doesn’t really matter anymore. What matters now is focusing on keeping your data and environment safe. That’s why we’ve outlined the next steps you need to take.

[Read more…]

Not Dead…Yet: Accepting the end of Windows XP

Not Dead…Yet: Accepting the end of Windows XP 

Windows XP has been a dominant operating system in the enterprise for over a decade. Finally, though, it’s time to say goodbye.

In April 2014, Microsoft is ending its extended support for Windows XP, which means enterprises that haven’t migrated to a new platform by then will be immediately exposed to a plethora of zero-day exploits. While most businesses are taking steps toward more modern operating systems, such as Windows 7 and 8, they need to be making far greater strides.

Not Ready to Let Go?

Our recent audit of nearly half a million corporate PC devices, featured in our recent Shadow IT in the Enterprise study, found that 58 percent of those devices are still running Windows XP. This is just a 10 percent improvement from a year ago.

The slowest to react are mostly large enterprises with tens of thousands of PC devices in their IT environment and some small businesses whose owners are likely unaware of the risk involved. The next time you’re in your doctor’s office, or some type of small business, take a look at their computers. More likely than not, you’ll see that classic Windows XP Start button in the bottom left corner.

While the XP end of life is more than four months away, this slow year-over-year transition is nevertheless alarming. Microsoft estimates that a full OS transition can take anywhere from 18 to 32 months, which means plenty of organizations will not succeed in migrating all of their necessary devices at their current pace. [Read more…]

4 Things to Do Once You’ve Migrated Away from Windows XP

4 Things to Do Once You've Migrated Away from Windows XP

You’ve completed your migration away from Windows XP to Windows 7 or 8 — now what? One thing we know for sure: the industry has evolved and it isn’t reasonable to expect we will stay on this version of the OS for the next ten years. It was a good run. Let’s move on.

You’ll know an IT project is complete when another one is starting
A new model of OS updates calls for regular and consistent updates. No more waiting for service packs. No more waiting for R2. The updates will be regular and rich. We will want them. Our users will demand them. A new system of devices from tablets, to the Microsoft Surface, to our trusty iOS devices to stuff that hasn’t even been thought up yet will capture the imagination of our users and deliver heartburn to the IT manager. Deep breaths. The features available to our new spectrum of devices are changing…frequently…and our users will no longer tolerate a decade of treading water. We need to supply a better desktop experience.

The emergence of the consumerization of IT and BYOD philosophies has led to a proliferation of devices, and these enable capabilities that simply weren’t possible with XP. This means new ideas are required to keep some control and sanity. That is, however, unless you are have been awarded a gigantic budget increase and a ton of extra head count to help you manage the new stuff that is rolling our week after week.

If you have a huge budget increase and a slew of new people to hire in IT to help you, stop reading. Good job. You are in great shape. SneakerNet will serve you, and your ridiculously growing budget will serve you well for the foreseeable future. Nice work. Well played.

For the rest of us, with slashed budgets and shrinking staff counts, let’s see what we can do.

[Read more…]

Why An Easy Migration From Windows XP Includes SCCM

migration

The software delivery model is fundamentally changing. We’re not seeing big-splash releases anymore. Instead, we’re seeing a continuous deployment stream of updates, upgrades and patches.

With the death of Windows XP it doesn’t really matter if you’re moving to Windows 7 or 8 — just as long as you’re moving forward. Which OS you choose depends on which version best fits your needs. Factors that should be top of mind include which OS will be less of a shock to your users, and which version your app vendors will be able to support.

[Read more…]

Why the death of Windows XP is a blessing in disguise

XP End of Life

The death of Windows XP has been a long time coming. If you’re in denial or you’ve been prolonging the pain of migrating to the next version of Windows, it’s time to face the music: XP has reached its end of life.

This means more than a standard desktop OS upgrade (possibly one you’ve been putting off for the past five years). It’s going to touch almost every aspect of your IT infrastructure.

[Read more…]