Tuesday, April 30, 2019

Microsoft Windows Security Update ADV180012 and ADV180002 QID: 91462 and 91426


Microsoft Windows Security Update Registry Key Configuration Missing (ADV180012) (Spectre/Meltdown Variant 4)


Got another vulnerabilities report showing 1 High and 1 Critical risk that require immediate action.


  • Microsoft Windows Security Update Registry Key Configuration Missing (ADV180012) (Spectre/Meltdown Variant 4)


  • Microsoft Windows Security Update for Windows Server (ADV180002) (Spectre/Meltdown)



Below is the fix for Microsoft Windows Security Update ADV180012 and ADV180002

Run Command Prompt as administrator and set the two registry values below. NOTE: set each value individually.

  • Reg Key: HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management, Value: FeatureSettingsOverride, Type: REG_DWORD, Data: 8

  • Reg Key: HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management, Value: FeatureSettingsOverrideMask, Type: REG_DWORD, Data: 3

Once done, restart the machine. 


Qualys report: Null Sessions QID 90044



QID 90044 checks whether the registry value RestrictAnonymous under HKLM\SYSTEM\CurrentControlSet\Control\LSA is 0.

If the value is 0 change to 1.

In the link below, the TS screen capture shows the method working on Windows NT. My server is Windows Server 2016, but I gave it a try and it works!



https://community.qualys.com/thread/18864-null-sessions-qids-70003-vs-90044
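The two findings above both come down to registry values, so a single audit script covers them. The following is an added example, not code from the original post or from Qualys: it reports the current state of the three values (FeatureSettingsOverride and FeatureSettingsOverrideMask for QID 91462, RestrictAnonymous for QID 90044) against the expected data given above, and with -Fix writes the expected REG_DWORD values. The function name and the -Fix switch are my own; the expected values are the ones stated in the post. Run it from an elevated PowerShell session; the reboot is still required afterwards.

```powershell
# Added example (not from the original post): audit and, with -Fix, apply the
# registry values the two Qualys findings check for. Expected data is taken
# from the post; the function name and the -Fix switch are assumptions of mine.

function Test-QualysRegistryFindings {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Write the expected value wherever it is missing or wrong.
        [switch]$Fix
    )

    # Expected state, as stated in the post (QID 91462 / ADV180012 and QID 90044).
    $checks = @(
        @{ Qid = 91462; Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
           Name = 'FeatureSettingsOverride';     Expected = 8 }
        @{ Qid = 91462; Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
           Name = 'FeatureSettingsOverrideMask'; Expected = 3 }
        @{ Qid = 90044; Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
           Name = 'RestrictAnonymous';           Expected = 1 }
    )

    foreach ($c in $checks) {
        # -ErrorAction SilentlyContinue yields $null when the value does not exist yet.
        $item    = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
        $current = if ($null -ne $item) { $item.($c.Name) } else { $null }
        $ok      = ($current -eq $c.Expected)

        if (-not $ok -and $Fix) {
            # ShouldProcess honours -WhatIf / -Confirm, so a dry run changes nothing.
            if ($PSCmdlet.ShouldProcess("$($c.Path)\$($c.Name)", "Set REG_DWORD to $($c.Expected)")) {
                # -Force creates the value if absent or overwrites it as REG_DWORD.
                New-ItemProperty -Path $c.Path -Name $c.Name -PropertyType DWord `
                                 -Value $c.Expected -Force | Out-Null
                $current = $c.Expected
                $ok      = $true
            }
        }

        $display = if ($null -eq $current) { '(missing)' } else { $current }
        [pscustomobject]@{
            QID       = $c.Qid
            Value     = $c.Name
            Current   = $display
            Expected  = $c.Expected
            Compliant = $ok
        }
    }
}

# Audit only (safe to run any time):
Test-QualysRegistryFindings | Format-Table -AutoSize

# Remediate: preview first, then apply and reboot so the kernel picks up the new settings.
# Test-QualysRegistryFindings -Fix -WhatIf
# Test-QualysRegistryFindings -Fix; Restart-Computer
```

Running the audit after the reboot gives a quick confirmation before the next Qualys scan; a value that reads "(missing)" is exactly what QID 91462 reports as "Registry Key Configuration Missing".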

Friday, April 26, 2019

CyberSecurity - Ransomware

Attended EC-Council Certified Incident Handler version 2 (E|CIH v2) on 28 Mar 2019. From the course I came to understand the value and importance of cybersecurity, so I did some research online, focusing only on ransomware, to learn more about the statistics and the impact on businesses. Below are the highlights or summary taken from the articles; click on each link to read more.
The WPP cyberattack is a wake-up call for all agencies. The 2017 attack cost WPP about $15 million; however, we do not know what intangible losses WPP suffered on top of that.
https://www.adweek.com/agencies/wpp-cyberattack-serves-as-a-wake-up-call-to-agencies-and-cmos-alike/

Global ransomware damage costs were predicted to exceed $8 billion in 2018, and global damage is predicted to reach $11.5 billion annually by 2019.
https://cybersecurityventures.com/global-ransomware-damage-costs-predicted-to-exceed-8-billion-in-2018/

Ransomware is a top 5 threat. Nearly 60% of ransomware attacks are delivered through email as embedded URLs.

Ransomware continues to grow annually

The most targeted industry is healthcare at 45%, followed by financial and professional services at 12% (I'm surprised by the size of the gap).

Windows operating system is still the most targeted system
Ninety-nine percent of multiple service providers say Windows operating systems are targeted most frequently by ransomware attacks. However, this doesn’t mean that OS X, Linux, and Android are immune.
https://www.safetydetective.com/blog/ransomware-statistics/

Personal view: The reason the Windows operating system is targeted the most is that most industry applications or software are only supported on Windows. Re-developing an application for another OS, for example OS X, would require a huge investment by the developer, and whether companies would be willing to invest in or pay for the new development is another question.

Below is how to prevent ransomware, and how to remove it if you encounter it.


Ransomware is a profitable market for cybercriminals and can be difficult to stop. Prevention is the single most important aspect of protecting your personal data. To deter cybercriminals and help protect yourself from a ransomware attack, keep in mind these dos and don’ts:
Dos and don’ts of ransomware
  1. Do use security software. To help protect your data, install and use a trusted security suite that offers more than just antivirus features. Norton Security detects and helps protect against hidden threats to your identity and your devices, including your mobile phones.
  2. Do keep your security software up to date. New ransomware variants appear on a regular basis, so having up-to-date internet security software will help protect you against cyber attacks.
  3. Do update your operating system and other software. Software updates frequently include patches for newly discovered security vulnerabilities that could be exploited by ransomware attackers.
  4. Don’t automatically open email attachments. Email is one of the main methods for delivering ransomware. Avoid opening emails and attachments from unfamiliar or untrusted sources.
  5. Do be wary of any email attachment that advises you to enable macros to view its content. Once enabled, macro malware can infect multiple files. Unless you are absolutely sure the email is genuine and from a trusted source, delete the email. (As noted in the highlight above, about 60% of attacks come via email.)
  6. Do back up important data to an external hard drive. Attackers can gain leverage over their victims by encrypting valuable files and making them inaccessible. If the victim has backup copies, the hacker no longer holds the upper hand. Backup files allow victims to restore their files once the infection has been cleaned up. Ensure that backups are appropriately protected or stored offline so that attackers can’t access them.
  7. Do use cloud services. This can help mitigate ransomware infection, since many cloud services retain previous versions of files, allowing you to “roll back” to the unencrypted form.
  8. Don’t pay the ransom. You could be wondering, “But won’t I get my files back if I pay the ransom?” You might, but you might not. Sensing desperation, a cybercriminal could ask you to pay again and again, extorting money from you but never releasing your data.

https://us.norton.com/internetsecurity-malware-ransomware-5-dos-and-donts.html

How to remove ransomware
https://malwaretips.com/blogs/category/ransomware/

Scan for vulnerabilities to reduce risk.
https://www.qualys.com/community-edition/#/freescan
https://www.microsoft.com/en-us/download/details.aspx?id=19892

In the current digital world, regardless of your company's size or industry, always invest in cybersecurity and prepare for a cyber attack. You never know when you will be hit, and when an organization is attacked the tangible and intangible costs are unpredictable. Prevention is better than cure!




Wednesday, April 24, 2019

Windows 7 End of Support

Windows 7 is finally coming to an end, almost 10 years after its release.

After January 14, 2020, Microsoft will no longer provide security updates or support for PCs running Windows 7. 

https://www.microsoft.com/en-ca/windowsforbusiness/end-of-windows-7-support

Monday, April 22, 2019

Xerox printer - outdated SNMP version

SNMP version 1 and version 2 are no longer updated by the vendor, and obsolete software is more vulnerable to viruses and other attacks.
https://www.us-cert.gov/ncas/alerts/TA17-156A

Solution: Disable or remove SNMPv1/2c authentication or use SNMP version 3 authentication.

To change the SNMP v1/v2 settings on Xerox printers:

Log in to the web console > Properties

Connectivity > Protocols > SNMP Configuration


Once you enable SNMPv3 in the web console, you need to go to the print server and un-tick "SNMP status" on the printer port (do this if your printer shows as offline).



Some Xerox printers come with their own print server (Fiery). Log in to the Fiery web console > Configure > Launch Configure (enter ID and password).



Go to network > SNMP.

You can change the security level to Maximum (the default is Medium). If you are not using the SNMP service, you can turn it off by un-ticking the "Enable SNMP" box.
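The "SNMP status" step on the Windows print server is easy to miss when many queues point at the same printer, and it is the reason queues show Offline once the device stops answering SNMPv1/v2c. The following is an added example, not code from the original post or from Xerox: it inventories the standard TCP/IP printer ports on a print server that still have SNMP status monitoring enabled, lists the print queues using each port, and with -Disable un-ticks the "SNMP status" setting for them. It assumes the built-in PrintManagement module, specifically the SNMPEnabled property exposed by Get-PrinterPort and the -SNMPEnabled parameter of Set-PrinterPort; the function name and the -Disable switch are my own.

```powershell
# Added example (not from the original post): list TCP/IP printer ports on a
# Windows print server that still have "SNMP status" enabled and, with -Disable,
# turn it off. Assumes the PrintManagement module (Get-PrinterPort / Set-PrinterPort
# with their SNMPEnabled property/parameter); function name and switch are mine.

function Get-SnmpPrinterPort {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Print server to inspect; defaults to the local machine.
        [string]$ComputerName = $env:COMPUTERNAME,
        # Un-tick "SNMP status" on every port found.
        [switch]$Disable
    )

    # Only standard TCP/IP ports carry a host address and SNMP settings;
    # local ports (LPT1:, FILE:, ...) simply lack these properties and are skipped.
    $ports = Get-PrinterPort -ComputerName $ComputerName |
             Where-Object { $_.PrinterHostAddress -and $_.SNMPEnabled }

    # Collect queues once so each port can be matched to the printers using it.
    $printers = Get-Printer -ComputerName $ComputerName

    foreach ($p in $ports) {
        $queues = $printers | Where-Object { $_.PortName -eq $p.Name } |
                              Select-Object -ExpandProperty Name

        if ($Disable -and $PSCmdlet.ShouldProcess("$($p.Name) ($($p.PrinterHostAddress))", 'Disable SNMP status')) {
            # Equivalent to clearing the "SNMP status" checkbox in the port configuration.
            Set-PrinterPort -ComputerName $ComputerName -Name $p.Name -SNMPEnabled $false
            # Re-read the port so the report reflects the new state.
            $p = Get-PrinterPort -ComputerName $ComputerName -Name $p.Name
        }

        [pscustomobject]@{
            Port        = $p.Name
            Host        = $p.PrinterHostAddress
            SNMPEnabled = $p.SNMPEnabled
            Printers    = ($queues -join ', ')
        }
    }
}

# Inventory only: which ports would go Offline once SNMPv1/v2c is switched off on the device?
Get-SnmpPrinterPort | Format-Table -AutoSize

# Preview, then apply, on a remote print server:
# Get-SnmpPrinterPort -ComputerName 'PRINTSRV01' -Disable -WhatIf
# Get-SnmpPrinterPort -ComputerName 'PRINTSRV01' -Disable
```

Run the inventory before changing the printer's SNMP configuration so you know which queues to expect in the Offline state, then run it with -Disable afterwards; a port that still reports SNMPEnabled = True is the one whose queue will keep showing Offline.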