UPDATE FOR THURSDAY, JANUARY 21

As you may have seen in the headlines, Malwarebytes recently announced it was targeted by the same threat actor who attacked SolarWinds. After an extensive investigation, Malwarebytes reported their Microsoft Office 365 and Azure environments were targeted, but they found “no evidence of unauthorized access or compromise in any internal on-premises and production environments.”

Office 2010 will reach end-of-support on October 13, 2020. After this date, Microsoft will no longer provide technical support, bug fixes, or security updates for Office 2010. You will be able to continue using this version of Office, but by upgrading before any product falls out of support your business minimizes risks, including reducing exposure to security threats, remaining in compliance, and continuing to receive the latest product updates and support.

A new detailed research report released from IntSights, a threat intelligence firm, reveals the cyber threat impact of COVID-19 to global business. It seems that a list of Zoom user credentials was found on the dark web.

05.01.20 UPDATE:  Beginning Thursday, May 21, 2020, Systems Engineering will be moving forward with our patching service changes. We initially scheduled these for March, but then delayed as we all adjusted to working from home due to the pandemic. Our patching service changes are in response to Microsoft's new way of servicing Windows, which you can read more about in this blog post.

Beginning Thursday, March 19, 2020 May 21, 2020, Systems Engineering will be enhancing our patching services. Before we communicate these enhancements, it's essential to understand the motivation behind them. Our patching service changes are in response to Microsoft's new way of servicing Windows known as Windows as a service.  

You may recall from our previous blog post in October that Microsoft will replace the core terms of their customer agreement for all existing and new Microsoft customers after January 31, 2020. This new Microsoft Customer Agreement (MCA) is said to improve the purchase experience to better support all customers.

Yesterday Microsoft announced and delivered a fix for a serious vulnerability in Windows 10 cryptography function (CVE-2020-0601). The NSA had previously discovered and notified Microsoft to develop a solution. Microsoft also stated that they had seen no exploit of this vulnerability to date. The vulnerability would allow an attacker to disguise their malicious software as a valid and certified piece of code; thereby spoofing the Windows 10 PC or Windows Server 2019 into thinking it is legitimate code that can be trusted and therefore executed.