Nasty Vulnerability Found in Microsoft Azure’s Managed Database Service

Some vulnerabilities can fly under the radar for quite some time, some for months or even years. This is the case with a recently discovered Microsoft Azure database vulnerability. The exploit, discovered by cloud security provider Wiz, is found in Cosmos DB, Microsoft Azure’s managed database service, and it’s a real nasty one at that. Let’s dive into the details and see what we can learn from the incident.

Tip of the Week: Activating Two-Step Verification on a Microsoft Account

What is Two-Step Verification? This security measure compounds the traditional password with a second proof of identity, which Microsoft calls the user’s security info. Microsoft’s approach is to reach out to the user each time a device is used to access the account that hasn’t yet been designated as a trusted device. Via a phone call, email, or an authenticator application, two-step verification asks the user to confirm that yes, the current attempt to access the account is legitimate. Turning on Two-Step Verification for Your Microsoft Account The process to activate two-step verification is simple: Sign into the Security basics page for your Microsoft account Access More security options Locate Two-step verification, and select Set up two-step verification Follow the on-screen instructions to complete the process You have the option of selecting a phone number, an email address, or an authentication app to use. If you choose to use an application, but not the Microsoft Authenticator app, you will have to follow the provided on-screen instructions to link your account to the app of your choice. Setting up two-step verification on any account you use can greatly benefit your security. To learn more ways to secure your work-essential technology, reach out to the IT professionals at SRS Networks by calling (831) 758-3636.

Tip of the Week: Controlling Your Text in Microsoft Word

Before we begin, a word of warning: these tips feature some changes to settings. Make sure you check with your organization’s IT resource to confirm that these changes are okay to make, and for assistance in making them if necessary. First, let’s discuss Word’s tendency to reformat what you’ve typed, as it does with everything from websites (adding a hyperlink) to changing the kind of list you just typed as soon as you press Enter. This is caused by the AutoFormat As You Type setting. While some may be helpful, others are likely to trip you up. However, you can edit these options through a pretty simple process: Choose File > Options In the Proofing category, pick AutoCorrect Options Select the AutoFormat As You Type tab From there, you can deselect the options that you no longer want to take effect, and leave the ones that you still want in place. Secondly, there’s the tendency for Microsoft Word to automatically wrap text (which is a fancy term for simply moving down to the next line when space runs out). However, there are some phrases that it is better to keep on one line – like dates, names, telephone numbers, and hyphenated phrases. For example, typing in “All-you-can-eat” might end up putting the phrase on two lines, when you want it to always be stuck together and treated like a single word. The best way to fix these issues is to use non-breaking spaces/characters, rather than the typical ones. These are effectively the same, except that the non-breaking ones will connect the text, and if needed, move it all down as a group to the next line. Non-breaking space: Ctrl+Shift+Spacebar Non-breaking hyphen: Ctrl+Shift+Hyphen Hopefully, these tips will make your use of Word that much less frustrating. For more tips, subscribe to our blog!

Microsoft SQL Server 2008 and 2008 R2 Approaching End of Life

What is SQL Server? SQL server is Microsoft’s relational database management system (RDMS) application. As its name suggests, it is used to manage the databases you use for your business. All of the programs your business depends on for management and productivity typically need access to a database. The data in this database is traditionally accessed through the RDMS. While there are several types of RDMS servers on the market, they typically have specific applications. SQL Server has been updated numerous times in the 11 years since SQL Server 2008 was introduced and the nine since 2008 R2 launched, with all types of additions for new dataflows and cloud resources. What Can You Do? Microsoft suggests that each organization chooses the modernization platform that best fits their company’s needs, but with so little time left before SQL Server 2008 and 2008 R2 lose support, it may be difficult to sufficiently modernize before the deadline. One (very attractive) option offered by Microsoft is that company’s utilizing SQL Server 2008 or 2008 R2 can move their existing databases to the Azure cloud and get support for three additional years. By migrating your SQL Server 2008 to the cloud (in Azure), Microsoft will continue to support your software through July 2022. This extended support gives organizations time to come up with a viable plan without having to move forward with unsupported software that could present a whole litany of security problems. If you are staring down the July 9th deadline, you may want to stop and act now. For more information about RDMS platforms and hosting, reach out to the IT professionals at SRS Networks today at (831) 758-3636.

Security Is a Big Component of Windows 10

The first thing that we should mention in this article is that Windows 7 will be losing support this upcoming January, and with so many people/businesses still using machines running the decade-old operating system, Microsoft knew they needed to make Windows 10 that much more accessible. Their strategy is to provide Windows 10 as a cloud service. In launching Microsoft 365, the software developer has made it easier to upgrade away from Windows 7 and 8.1. For the modern business that depends on their Windows 7 workstations, this provides them with an option to get their business moved over to a platform that’s security is strong and up-to-date. Windows 10 has been remarkably resilient as threats continue to multiply. In fact, there are some people in the industry that argue that Windows 10’s Windows Defender is one of the best antivirus solutions ever made for a personal computer. It may be that for an individual user Windows 10’s built-in security is enough to protect them against a web filled with viruses and malware. For the enterprise, however, it is vigilant to have added security in the form of a dedicated antivirus and powerful spam blocker. That’s not to deride the improvements Microsoft has made to its internal security system, it just provides more control for administrators whose job is keeping these threats from damaging an organization’s operational effectiveness. What to Expect from Windows 10 Enterprise Security As stated above, Windows Defender is a strong antivirus, but the real benefit to Windows 10’s security solutions is the improvement in identity and access management and data protection. In improving Windows 10’s identity and access management systems, Microsoft has made a point to improve security around the access points. They’ve thoroughly overhauled the way they authorize users, groups, and other systems to access data on Windows 10-controlled networks or devices. With this enhancement, administrators have more options to outline the ownership of objects, user rights, and data that is available for reporting. User Account Control (UAC), found in the most recent version of Windows, is enhanced in Windows 10. It works to prevent malware by blocking the installation of unauthorized applications and prevent non-administrators from changing system settings. Another change is the use of two-factor authentication to gain access. By setting up a two-factor authentication system, users will be forced to have access to additional accounts to gain access, mitigating access problems that come from stolen passwords. Additionally, Windows 10’s security includes BitLocker, a data protection feature that integrates with the OS and is used to address the near-constant threat of data theft (or unauthorized exposure). There are also dynamic features such as the Trusted Platform Module, which provides hardware-based security functions, and the ability to secure the Windows 10 boot process. Every security feature should be added into a dedicated Windows Information Protection policy that can be set per device or over an entire network. Windows 10 is one of the strongest operating systems ever created in dealing with threats. Learn more by contacting our IT experts today at (831) 758-3636.