News for January 9, 2023

Rackspace Mitigation
by Artie Kaye

In December, Rackspace reported a data breach, later confirming that 27 customers had their data compromised. The breach came as a result of vulnerabilities CVE-2022-41080 and CVE-2022-41082 being used together.  It was not due to ProxyNotShell, which used one of these flaws as the starting point but targeted a different security hole. The reason this is relevant is Rackspace implemented the mitigations to address ProxyNotShell and did not apply the patches for the CVE’s which Microsoft released in November. This is why this attack succeeded, as the mitigations did not address these two flaws being used together.

Mitigations are useful for short term solutions and are given by developers as a means of preventing damage until a patch can be made available. When a patch becomes available applying it sooner is the best option. If a security flaw is known to the public, bad actors will find ways of using them to infiltrate systems which have not been patched.

Windows Support Ending
by Artie Kaye

Microsoft has products they are ending support for: 

  • Server 2008,
  • Server 2012,
  • Windows 7 extended security,
  • Windows 8.1.  

Windows 7‘s extended security updates are ending January 10, 2023 and will require upgrading to Windows 10 to see continued bug fixes.

Windows 8.1‘s support ends on January 10, 2023.

Server 2012 will be ending its service in October 2023. Microsoft is recommending customers upgrade to their Server 2022 or invest in extended security updates, these will last until October 2026. They also give Azure Virtual Machines as another option.

Server 2008 will end its extended support on January 10, 2023.

Security and bug fixes help protect our machines. Knowing when a product will be ending service can aid in planning logistics. Leaving an end of service program running is a potential security risk.

Database of Breach Resource – Opinion
by Artie Kaye

Cyber attackers breach companies and exfiltrate data. The data they get varies from instance to instance. There are resources to find out if you may be affected by these attacks. Have I Been Pwned is a useful website that has collected a database of available information that anyone can search to see if their email or phone number was part of a breach.  It will tell what type of information was affected as well.  Additionally you can setup a notification if your information comes up in future breaches. A great and helpful resource for people who want to stay on top of protecting their accounts and information.