Tune in as our team of security experts dive into critical information you need to know. We're unpacking critical vulnerabilities, recapping Microsoft patch Tuesday, highlighting zero-days and other patch information, and much more. 

Microsoft (MS) announces Office users will no longer be able to enable VBA (Visual Basic for Applications, a programming language used to create macros) macros with a click of a button after the change rolls out in April 2022. A huge win for organizations and home users alike, a new Security Risk banner will inform users that MS has blocked macros downloaded from the Internet. MS provides further information about the security risks of macros, safe practices, and instructions on a support page.  (NOTE that the support page link will appear as the actual Microsoft warning landing page that reads, “A potentially dangerous macro has been blocked”). VBA macros embedded in malicious Office documents are very popular among phishing and malware attacks.

Tune in as our team of security expects dive into critical information you need to know. We're unpacking critical vulnerabilities, recapping Microsoft patch Tuesday, highlighting zero-days and other patch information, and much more. 

Typically Microsoft releases Patch Tuesday information the second Tuesday of the month. However, this January 2022 there was a slight hiccup and Microsoft released some bad patches which have since been revoked. Our team has updated our recommendations and we apologize for the late release of our Cyber Thursday Security Updates. 

Back in the early 2000s Microsoft had a reputation for inconsistent patching. However, recently, Microsoft has been doing a better job which has lead some admins to have a false sense of security. Testing patches is critical before deployment. Check out the updated patch information below. 

Cyber Advisors Inc. has created a list of recommendations and a services package in response to Log4Shell vulnerability, that affects a significant number of systems and applications:

Two Common Vulnerability and Exposures (CVEs) were released for Apache Log4j on December 10th, 2021, and have dominated headlines in the Information Technology and Security industries. Log4j, a Java-based 'logging utility' within the Apache Logging Services, is embedded throughout widespread technologies and products depended on every day by businesses and consumers alike. The initial discovery stemmed from the popular video game, Minecraft. These particular CVEs are not only trivial to exploit, but are actively being exploited in the wild via a race condition and allow remote attackers to gain control of compromised systems.

Cyber Advisors Inc. has created a list of recommendations and a services package in response to Log4Shell vulnerability, that affects a significant number of systems and applications. More information can be found here.