The time for Windows 7 has come and gone. As of January 2020, Microsoft stopped providing extended support for the popular operating system. While Extended Security Updates (ESU) are available for the Professional and Enterprise editions of Windows 7, this option comes at an increasing cost to organizations. It's critical to start planning your migration to Windows 10 now.
Security Bulletin: Citrix Application Delivery Controller and Citrix Gateway Vulnerability
Citrix recently published a critical security bulletin (CVE-2019-19781) advising users of a vulnerability in the Citrix Application Delivery Controller (ADC) device formerly known as NetScaler ADC, Citrix Gateway, and NetScaler Gateway. If exploited, it can allow an unauthenticated attacker to execute code on the appliance, potentially compromising a critical perimeter security component. Many organizations rely on these devices as load balancers to control access from the outside to internal Citrix Servers and to terminate SSL VPNs.
Cisco recently released a collection of 10 security advisories against Cisco's Adaptive Security Appliance (ASA), Firepower Threat Defense (FTD), and Firepower Management Center (FMC) software. The collection includes a few high-risk vulnerabilities that affect File Transfer Protocol (FTP) inspection and Session Initiation Protocol (SIP) inspection and could lead to a denial-of-service condition. Importantly, Cisco is not aware of any public exploitation of the vulnerabilities.
This month, Microsoft began the transition to a new customer agreement, which replaces the core terms for all Microsoft customers. Their goal is to improve the purchase experience to better support all customers. They also had some important security-related reasons for the change, including:
Microsoft recently announced a pair of Windows 10 Remote Code Execution vulnerabilities, CVE-2019-1181 and CVE-2019-1182. These vulnerabilities allow cybercriminals to obtain remote control of a computer over a network connection. Microsoft discovered the vulnerabilities during routine testing of Windows 10, which allowed them to publish the required security updates and notify the public at the same time.
Systems Engineering is paying special attention to a Cisco IOS XE Software Web UI Command Injection Vulnerability that was announced earlier this week. Also known as the "Thrangrycat Vulnerability," it is serious enough to get the attention of the press. As quoted on ZDNet, "This vulnerability allows hackers to plant persistent 'backdoors' on Cisco gear, even over the Internet, with no physical access to vulnerable devices."
In the coming year, how will your organization be less vulnerable to security threats, remain in compliance, and continue to receive the latest product support?
Quick answer: Upgrade.
Review the chart below and ensure that your Microsoft products are not about to expire. The chart quickly points out some significant end-of-life/support dates that are on the horizon for some of the more popular Microsoft products, including Windows 7, Exchange 2010, and Office 2010.
It seems these dates are far out, but in reality, upgrade discussions should begin now in order to prepare appropriately. By applying upgrades before products fall out of support, your business will be less vulnerable to security threats, remain in compliance, and continue to receive the latest product support.