By Randy Becker, VP & Principal Security Architect Yesterday, May 25th, VMware announced there are two new vulnerabilities in their vCenter management platform; this impacts many of the production vCenter deployments regardless of if you are using VMware Virtual SANs or not. VMware is providing a workaround and a fix for affected versions of vCenter. We recommend reading all the details on this before taking any action. Workarounds could impact functionality if you are using vSAN, so read thoroughly. Per VMware: “This needs your immediate attention if you are using vCenter Server.”

By Randy Becker, VP & Principal Security Architect On May 4, 2021, SentinelLabs posted that they had discovered five Dell security bugs collectively tracked as CVE-2021-21551. This local privilege-escalation (LPE) has a CVSS vulnerability-severity rating of 8.8 out of 10. SentinelLabs proactively reported their findings to Dell on Dec 1, 2020. These five high-severity security vulnerabilities in Dell’s firmware update driver have the potential to impact hundreds of millions of Dell desktops, laptops, notebooks, and tablets.

By Randy Becker, VP & Principal Security Architect Microsoft April 2021 Patch Tuesday brings us 4 critical on-premises Exchange RCE CVEs, 2 with a base CVSS Score of 9.8 out of 10 with no privileges required, 1 with a CVSS Score of 9 with an attack vector adjacent with low privileges required, and 1 with an 8.8 and low privileges required.

By Randy Becker, VP & Principal Security Architect The pandemic has brought new and interesting challenges for all of us to deal with and certainly the balance of supporting users working remotely while ensuring security has not been easy. Initially we all had to scramble to figure out ways to allow employees to work from home. Some crazy things happened, including people bringing their desktop PCs home, connecting home PCs (with unsupported operating systems) to corporate VPNs, etc. Now we are seeing discussions about returning to work. What does that look like and what is it called?

By Randy Becker, CISO & VP, Network and Security Consulting I am often asked by customers, “If you could only do one thing to improve your security posture right now what would it be?” That’s an easy answer: implement immutable backups to protect against a ransomware attack. So, what exactly is an immutable backup? Simply stated, it is a backup that is read-only and cannot be deleted by anyone, including an administrator, threat actors, or, you know, the “bad guys.”

By Randy Becker, CISO & VP, Network and Security Consulting Microsoft just released a new PowerShell script called the Exchange On-premises Mitigation Tool (EOMT). https://github.com/microsoft/CSS-Exchange/tree/main/Security#exchange-on-premises-mitigation-tool-eomt. This single script will automatically grab necessary downloads and dependencies for mitigation and malware scan, and reverse changes made by known threats.

By Randy Becker, CISO & VP, Network and Security Consulting As if the SolarWinds fiasco and the massive global on-premises Exchange Servers attack weren’t bad enough, here comes Microsoft Patch Tuesday for March 2021. Microsoft Patch Tuesday announces 82 vulnerabilities, with 10 plus classified as critical, 1 zero-day exploit, and 72 as important. These have all be fixed in this month’s update courtesy of Microsoft. Of special note, these numbers do not include the 7 Microsoft Exchange and 33 Chromium Edge vulnerabilities already released.  

By Randy Becker, CISO & VP, Network and Security Consulting It isn’t common for Microsoft to release a security update for an 11-year-old server application. So, when they do, people take notice. Especially when tied to Email. Microsoft has just released out-of-band security updates for a zero-day exploit that is actively being exploited in the wild. Of significant importance is that this is for all supported Microsoft Exchange versions plus Exchange 2010.

By Randy Becker, CISO & VP, Network and Security Consulting Zero Trust is not new, but it has recently started to show up a lot in security circles. A quick search shows that there are a lot of organizations with thoughts on this topic. Given the infamous SolarWinds breach, we are starting to hear more about “Zero Trust,” “Defense in Depth,” and my personal favorite “Assume the Breach.” Last Friday CISA quietly posted the following important guidance on Zero Trust: NSA Releases Guidance on Zero Trust Security Model. This should be on the short list of reading for everyone.