Microsoft Fixes a Serious Vulnerability . . . Under the Radar

microsoft-iis.png

On the second Tuesday of every month, Microsoft releases software patches to address vulnerabilities. This day is known in the tech community as "patch Tuesday." Last Tuesday happened to be one of those days, and Microsoft released a fix for a major security vulnerability, to surprisingly little fanfare.

The Vulnerability: IIS and TLS in Windows Server

The problem the patch fixed has been called a "zero-day" vulnerability, which essentially means that it has been present in Microsoft's Windows Server operating systems for a long time and was only discovered recently. The vulnerability is this: IIS (Internet Information Services), the service that allows Windows Server users to host things (such as Outlook Web Access) on the web, when used along with the TLS encryption protocol, the tool used to encrypt areas on the web to restrict access (think of the padlock icon you see in a web browser, or URLs that begin with 'https'), essentially allows cybercriminals a way in to execute code remotely. 

If this sounds scary, that's because it is. What's more is that this vulnerability has not received nearly the same press as other zero-day threats like Heartbleed and Shellshock, which received coverage in major news outlets. This is odd because the IIS vulnerability arguably poses a much more serious threat to businesses that use Windows Server than those highly-touted vulnerabilities.

What Should You Do About It?

If you have signed a partnership agreement with 3n1media, you don't need to do anything. We have already deployed the security patch in your environment, so you are no longer vulnerable. We are very proactive about reviewing, testing, and applying security patches in environments that we fully monitor and manage.

If you are an hourly service client of 3n1media, feel free to contact us to request that we apply the patch to your server. And, if you're looking for a full-service technology solutions provider to manage your system proactively, feel free to get in touch with us. We'd love to talk with you about the benefits of outsourcing your IT needs to a trusted partner.