This month is another important month for Microsoft Patch Tuesday and subscribers of our Cyber Thursday blog, with 75 vulnerabilities reported, 8 of which are considered “Critical” (RCE or LPE) vulnerabilities.

The Chinese-backed Hafnium hacking group has been linked to a piece of a new malware that's used to maintain persistence on compromised Windows environments. Check out two great takes on Tarrask: here and here.

Tune in as our team of security experts dive into critical information you need to know. We're unpacking critical vulnerabilities, recapping Microsoft patch Tuesday, highlighting zero-days and other patch information, and much more. 

The conflict in Eastern Europe has global implications, including with respect to global cyber security.  The concepts of Advanced Persistent Threat (APT) and foreign threat actors have taken on a very real and current meaning and will continue to impact the world in various ways for years to come. From a purely cyber security perspective, the most important takeaway: We recommend staying focused on fundamentals of Information Security such as following Change Management, patching systems, Security Training & Awareness, having a solid Passphrase (Password) policy, and implementing two-factor authentication -- it is critical to stick to the fundamentals of Information Security. If there was ever a day to start securing your network, today is that day. 

Ukraine and Russia are all over the news and the war is rapidly progressing each day. The war is also bringing new challenges when it comes to defensive cybersecurity.

Tune in as our team of security experts dive into critical information you need to know. We're unpacking critical vulnerabilities, recapping Microsoft patch Tuesday, highlighting zero-days and other patch information, and much more. 

Microsoft (MS) announces Office users will no longer be able to enable VBA (Visual Basic for Applications, a programming language used to create macros) macros with a click of a button after the change rolls out in April 2022. A huge win for organizations and home users alike, a new Security Risk banner will inform users that MS has blocked macros downloaded from the Internet. MS provides further information about the security risks of macros, safe practices, and instructions on a support page.  (NOTE that the support page link will appear as the actual Microsoft warning landing page that reads, “A potentially dangerous macro has been blocked”). VBA macros embedded in malicious Office documents are very popular among phishing and malware attacks.

Tune in as our team of security expects dive into critical information you need to know. We're unpacking critical vulnerabilities, recapping Microsoft patch Tuesday, highlighting zero-days and other patch information, and much more. 

Typically Microsoft releases Patch Tuesday information the second Tuesday of the month. However, this January 2022 there was a slight hiccup and Microsoft released some bad patches which have since been revoked. Our team has updated our recommendations and we apologize for the late release of our Cyber Thursday Security Updates. 

Back in the early 2000s Microsoft had a reputation for inconsistent patching. However, recently, Microsoft has been doing a better job which has lead some admins to have a false sense of security. Testing patches is critical before deployment. Check out the updated patch information below. 

Let's Chat About Microsoft Zero-Day and Patch Tuesday

With Microsoft zero-day under attack and a series of patches released to remediate, here's what you need to know…

Windows 11 is here! With plenty of innovation and new features, Windows 11 boasts an all-new simplified, yet modernized interface that was designed to inspire productivity and creativity. Not sure where to start? Check out the highlighted features below and tips for upgrading.

Microsoft recently announced changes to commercial pricing which will be effective March 1, 2022. This is the first major price change since Microsoft launched over a decade ago with major innovations delivered in three key areas - communication and collaboration, security and compliance, and AI and automation.