Beginning Thursday, March 19, 2020, Systems Engineering will be enhancing our patching services. Before we communicate these enhancements, it's essential to understand the motivation behind them. Our patching service changes are in response to Microsoft's new way of servicing Windows known as Windows as a service.
On Jan. 14, 2020, Microsoft retired the popular Windows 7 operating system (OS). For businesses that have not upgraded to a supported version of Windows, Microsoft allows them to purchase extended support via Windows 7 Extended Security Updates (ESU). With this service, businesses will continue to receive security updates at an extra cost.
In 2016, Systems Engineering launched our first-ever summer internship program, which has continued to grow and develop over the last four years. With unemployment levels for technology workers at record lows, and a steady increase in open tech positions, students have a unique opportunity with Systems Engineering to gain real-world experience through on-the-job training for a quick transition into full-time careers. Several of our past participants have chosen to take positions within Systems Engineering once they have completed formal studies, which is a testament to the strength of our program and the quality of candidates accepted into the summer internship.
Systems Engineering is aware of widespread internet service provider outages affecting clients. Ticket volumes and metrics suggest these outages are impacting a large area of the Northeast. Systems Engineering is operating under our standard business and after-hours coverage plans and is prepared to help clients through our routine service delivery models.
Recently, Cisco disclosed a series of ‘High Severity’ vulnerabilities that relate to the Cisco Discovery Protocol (CDP), which is Cisco’s proprietary mechanism used by their devices to broadcast identities to one another across private/secured networks. For example, accessories such as VoIP phones will use CDP to determine which VLAN the switch is using for voice traffic.
You may recall from our previous blog post in October that Microsoft will replace the core terms of their customer agreement for all existing and new Microsoft customers after January 31, 2020. This new Microsoft Customer Agreement (MCA) is said to improve the purchase experience to better support all customers.
Yesterday, Microsoft announced and delivered a fix for a serious vulnerability in a Windows 10 cryptography function (CVE-2020-0601). The NSA had previously discovered the vulnerability and notified Microsoft so that it could develop a solution. Microsoft also stated that they had seen no exploit of this vulnerability to date. The vulnerability would allow an attacker to disguise their malicious software as a valid and certified piece of code, thereby tricking the Windows 10 PC or Windows Server 2019 into thinking it is legitimate code that can be trusted and therefore executed.
The time for planning has ended. Microsoft will no longer provide extended support for Windows 7. While Extended Security Updates (ESU) may be available for Professional and Enterprise editions of Windows 7 (for a maximum of three years from January 14, 2020), this option will come at an increasing cost to organizations.
Citrix recently published a critical security bulletin (CVE-2019-19781) advising users of a vulnerability in the Citrix Application Delivery Controller (ADC), formerly known as NetScaler ADC, and Citrix Gateway, formerly known as NetScaler Gateway. If exploited, it can allow an unauthenticated attacker to execute code on the appliance, which could lead to the compromise of a critical perimeter security component. Many organizations rely on these devices as load balancers to control access from the outside to internal Citrix Servers and to terminate SSL VPNs.
Today, your applications and files are no longer all contained within your four walls. With staff accessing your company's data and apps from multiple locations and on multiple devices, you need to know who is knocking at the door before you let them in. Your business might require complex passwords, but in reality, your staff is most likely using the same passwords across personal and business accounts, and the cybercriminals know it.