Staying updated

Chris Jones
By Chris Jones
Following on from the potentially devastating WannaCry NHS ransomware attacks earlier this month, we have been inundated with requests about how businesses can safeguard against future attacks. 
Staying updated

As IT support specialists, part of our day-to-day routine involves keeping an eye out for any potential dangers that could be set to strike and making sure our clients are protected. And while some attacks are impossible to predict, we make it our business to try and stay one step ahead by researching possible threats.

One would-be menace that came to our attention recently, and really expounds the virtues of keeping your computer’s operating system updated, is a Microsoft vulnerability that could cause serious damage to any systems that are not currently up-to-date. Detected at the start of May by Google’s team of security analysts, and known as Project Zero, if left unaddressed this particular threat had the potential to allow attackers to mount large-scale cyber-attacks. 

Tasked with finding what are known as ‘zero-day’ vulnerabilities in computer software that hackers could exploit, the Project Zero team has been tirelessly working against would-be cyber attackers since 2014. This latest vulnerability was reported as capable of working against a default Windows install, meaning that victims wouldn’t need to download additional software for the system to become vulnerable. On top of that, the attacks would be ‘wormable’, with the ability to spread without user interaction.

Microsoft’s security patches for its software products fall on what are known in the industry as ‘Patch Tuesday’, the second and occasionally fourth Tuesday of the month. Luckily, rather than waiting for the next ‘Patch Tuesday’ to roll around before releasing a security update to tackle the vulnerability, Microsoft recognised the need for swift recourse. Having now issued a fix, Microsoft has stated in a security advisory that users’ systems should automatically detect and deploy the update within 48-hours of its release. So quick was Microsoft’s response that Project Zero team member Tavis Ormandy, who reported the problem originally, took to Twitter to praise the ‘incredible work’ of the Microsoft Security team.   

Part of the cyber-security advice we issue to all our clients is to ensure all updates are performed in a timely manner. A lot of PCs will perform updates automatically without requiring a prompt, but if you think your machine might not have updated since Microsoft’s security patch was released please consider taking the time to make sure it does. After all, a little time spent now could save a huge amount of pain in the future.

When it comes to cyber-security, what examples like this make clear is just how important it is to work together towards the ultimate goal of a safe online experience for all. There will always be those out there attempting to exploit technology and launch attacks that could jeopardise not just individual machines but entire IT systems. But it is reassuring to know dedicated individuals are on the case and working tirelessly to detect and put a halt to future attacks.

At Dynamic, providing added peace of mind is just one of the benefits we offer our clients. If you’d like to find out more about what else we can offer, get in touch today.

Dynamic insights & advice