Header
1Vol 13-1   January 2013
2
Ekaru
Specializing in information technology outsourcing for small and medium businesses (1-50 Employees). "It's like having your own IT department"
  • Network Design
  • High Speed Internet
  • Computers & Software Network
  • Security Email & Web Hosting
  • Back-ups
  • Virus Protection & Recovery
  • Web Sites
  • Professional Service
www.ekaru.com

978-692-4200
866-go-ekaru


Welcome to this month's issue! The Technology Advisor provides technology advice, strategy, tips and trends to help you manage and grow your business!  Happy New Year!

Tech Headlines
Here are some of the Tech headlines we're tracking:
  
Meet Microsoft - the world's best kept R&D secret - We're all familiar with the day-to-day Microsoft applications we work with, but check out all the cool new stuff in the works!  Read more at PCWorld

  
Amazon Kindle Fire gains Web usage market share on iPad loss - Apple tablets dominate, but there is rising competition.   Read More on CNET

 

Oracle Corp. updated Java on Sunday, but experts still warn against using it -  Interesting to note:  Java was responsible for 50 percent of all cyber attacks last year,  followed by Adobe Reader, which was involved in 28 percent of all incidents, and Microsoft Windows and Internet Explorer were involved in about 3 percent of incidents.  Read More on MSN News

 

My 60 days with the Surface RT -  Interesting perspective from a writer at ZDNet regarding the pros and cons - We'll be seeing a lot more Windows 8 tablets this year.  I've only had my own Surface RT for about a week, but I love it so far!   Read More on ZDNet
  
CNET Guide to the CES Show - For those who weren't lucky enough to attend the Consumer Electronics Show (CES) last week, here is a comprehensive guide from CNET.  Wow!  Lots of cool new stuff.   Read More on CNET
  
Ekaru Blog - What is my Wireless Key?  Forgot your key?  Here is a way to find out what it is without searching through your files;   Verizon Star Codes  Heres a quick link to remember the "old" codes after learning the new ones for FiOs phones.
  
Webinar - Get More from Microsoft Office!

 

We'll share helpful tips and tricks designed to help you get more from Microsoft Outlook, including email, "rules", signatures, contacts, calendars, tasks, and more. Get more from Microsoft Office!

  

Do you look at your Outlook page and think "I really would like to know what all these tabs/buttons do?" but never have the time to figure them all out? Then our webinar on Wednesday January 23rd is an opportunity for you to gain a little more knowledge about Outlook in less than an hour!

 

Get started on your New Years Resolution to get more organized!

 

When:  Wednesday January 23 at 12:15pm

 

                                    Sign up today!

 

If you have any specific questions you'd like us to answer, let us know!

"Patch Tuesday" - January

"Patch Tuesday" is the day each month that Microsoft releases their newest security updates, typically the second Tuesday of the month.  This month included eight updates, including three "critical" updates and five "important" updates. The updates impact Internet Explorer, Windows, Office... just about all users are affected:

 

 

Bulletin ID, Bulletin title and Executive Summary, Maximum Severity, Restart? Affected Software:

  • MS13-008:  Security Update for Internet Explorer (2799329) This security update resolves one publicly disclosed vulnerability in Internet Explorer. The vulnerability could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.;  CRITICAL, Requires Restart, Microsoft Windows and Internet Explorer.
  • MS13-001Vulnerability in Windows Print Spooler Components Could Allow Remote Code Execution (2769369)  This security update resolves one privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a print server received a specially crafted print job. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems connected directly to the Internet have a minimal number of ports exposed.  CRITICAL, Requires Restart, Microsoft Windows.
  • MS13-002:  Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (2756145)   This security update resolves two privately reported vulnerabilities in Microsoft XML Core Services. The vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker would have no way to force users to visit such a website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes the user to the attacker's website.  CRITICAL, May Require Restart, Microsoft Windows, Microsoft Office, Microsoft Developer Tools, Microsoft Server Software
  • MS13-003 - Vulnerabilities in System Center Operations Manager Could Allow Elevation of Privilege (2748552) This security update resolves two privately reported vulnerabilities in Microsoft System Center Operations Manager. The vulnerabilities could allow elevation of privilege if a user visits an affected website by way of a specially crafted URL. An attacker would have no way to force users to visit such a website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the affected website.  IMPORTANT, Does Not Require Reboot, Microsoft Server Software.
  • MS13-004 - Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2769324) This security update resolves four privately reported vulnerabilitiesin the .NET Framework. The most severe of these vulnerabilities could allow elevation of privilege if a user views a specially crafted webpage using a web browser that can run XAML Browser Applications (XBAPs). The vulnerabilities could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.  IMPORTANT, May Require Restart, Microsoft Windows,Microsoft .NET Framework
  • MS13-005 - Vulnerability in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (2778930)  This security update resolves one privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker runs a specially crafted application.  IMPORTANT, Requires Restart, Microsoft Windows.
  • MS13-006 Vulnerability in Microsoft Windows Could Allow Security Feature Bypass (2785220)  This security update in the implementation of of SSL and TLS in Microsoft Windows. The vulnerability could allow security feature bypass if an attacker intercepts encrypted web traffic handshakes. IMPORTANT, Requires Restart, Microsoft Windows.
  • MS13-007 Vulnerability in Open Data Protocol Could Allow Denial of Service (2769327) This security update resolves a privately reported vulnerability in the Open Data (OData) protocol. The vulnerability could allow denial of service if an unauthenticated attacker sends specially crafted HTTP requests to an affected site. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.  IMPORTANT, May Require Restart,  Microsoft Windows, Microsoft .NET Framework.

For a full breakdown, check out the Microsoft Security Bulletin posted on line.  Note that in the days leading up to Patch Tuesday, there is always an advance notification, which gets replaced by the actual bulletin on the release date.

 

 A "critical" patch is defined by Microsoft as "a vulnerability whose exploitation could allow the propagation of an Internet worm without user action".  As a general rule, all critical patches should be installed as soon as possible. Also, if you have a managed service support plan with us, all patches are tested before installation, and we are tracking the updates for you.

 

Note that several of the security bulletins require reboots!  If you aren't regularly rebooting your systems, this is an important reminder.

 

Microsoft also released an out-of-band patch yesterday for a zero day threat for  Internet Explorer.  Check ZDNet for a full summary.

Connect with us on line!
 
Follow us on Twitter Daily Small Business Tech News 
Like us on Facebook Please "Like" us for tech tips, news, and free training  
Visit our blog Subscribe to our blog for weekly tech tips
View our profile on LinkedIn Connect with us on LinkedIn

 

Does your business have a Facebook page or Twitter account? - Let us know so we can follow you too!

 

New! YouTube Training Videos - Check out our YouTube Channel - More training videos coming for 2013!  www.youtube.com/user/EkaruIT  If you need to do an "out of office" reply for an upcoming vacation, check out the video!


     Happy New Year!

 


Introductory Technology Assessment Over 450 local small businesses have chosen Ekaru to manage their computers and networks. We offer a free, no-obligation initial consultation to get started. We'll visit your office, review your network, and make recommendations. Call us at 978-692-4200 or email us to schedule a no-obligation assessment. If you know someone who could benefit from this offer, simply forward this email to them. Thank You!

3
msbs
Microsoft Small Business Specialist
�2012 Ekaru, LLC. All Rights Reserved.