The Importance of Keeping Your Computer Up to Date
Microsoft has released its March security patch, which includes fixes for:
- Application Virtualization
- Azure
- Azure DevOps
- Azure Sphere
- Internet Explorer
- Microsoft ActiveX
- Microsoft Exchange Server
- Microsoft Edge (Chromium-based)
- Microsoft Graphics Component
- Microsoft Office
- Microsoft Office Excel
- Microsoft Office PowerPoint
- Microsoft Office SharePoint
- Microsoft Office Visio
- Microsoft Windows Codecs Library
- Power BI
- DNS Server
- Hyper-V
- Visual Studio
- Visual Studio Code
- Windows Admin Center
- Windows Container Execution Agent
- Windows DirectX
- Windows Error Reporting
- Windows Event Tracing
- Windows Extensible Firmware Interface
- Windows Folder Redirection
- Windows Installer
- Windows Media
- Windows Overlay Filter
- Windows Print Spooler Components
- Windows Projected File System Filter Driver
- Windows Registry
- Windows Remote Access API
- Windows Storage Spaces Controller
- Windows Update Assistant
- Windows Update Stack
- Windows UPnP Device Host
- Windows User Profile Service
- Windows Wallet Service
- and Windows Win32K.
Microsoft releases patches and fixes monthly to fix problems in its software products. There are times when Microsoft releases a patch in addition to the regular monthly patches. This is known as an Out of Band (OOB) patch. OOB patches are issued when a critical security vulnerability is identified. Last week Microsoft issued an OOB patch to fix a security problem with Microsoft Exchange Server. According to reports, over 30,000 organizations have been compromised because of that security vulnerability in Microsoft Exchange Server.
A Chinese hacking organization known as Hafnium initially used the security vulnerability to conduct targeted attacks on medical research institutions, law firms, higher education, and defense contractors. The hacking organization has now made its attack much broader and is searching the internet for any vulnerable Microsoft Exchange Server.
One of the things the attack does is put a program on the computer that allows the hackers to connect to the computer remotely and take administrative control of it. This program is known as a Web Shell. Many servers that have been patched may already have that Web Shell in place. Patching Microsoft Exchange Server does not remove the Web Shell program. The problem is so severe that the Cybersecurity & Infrastructure Security Agency (CISA) has issued an emergency directive ordering all federal civilian departments and agencies running vulnerable Microsoft Exchange servers to either update the software or disconnect the products from their networks.
If you are running a Microsoft Exchange Server, now is the time to make sure you have installed all necessary patches to protect the server, but that is not enough. There is a very good probability that you already have the Web Shell on your computer. We recommend that you contact your IT provider to ensure you do not have a Web Shell installed. You do not want a foreign hacker taking control of your network and having access to all of your patient data.