Archive for February, 2021

Critical Windows fix

February 14th, 2021

A critical flaw was discovered in Windows 10 that could allow hackers to unleash a devastating attack on PCs and render the devices useless. Customers who have automatic updates enabled are automatically protected from these vulnerabilities.

Last week Microsoft released a set of fixes affecting Windows TCP/IP implementation that include two Critical Remote Code Execution (RCE) vulnerabilities (CVE-2021-24074, CVE-2021-24094) and an Important Denial of Service (DoS) vulnerability (CVE-2021-24086). The two RCE vulnerabilities are complex which make it difficult to create functional exploits, so they are not likely in the short term. We believe attackers will be able to create DoS exploits much more quickly and expect all three issues might be exploited with a DoS attack shortly after release. Thus, we recommend customers move quickly to apply Windows security updates this month.

The DoS exploits for these CVEs would allow a remote attacker to cause a stop error. Customers might receive a blue screen on any Windows system that is directly exposed to the internet with minimal network traffic.

It is essential that customers apply Windows updates to address these vulnerabilities as soon as possible. If applying the update quickly is not practical, workarounds are detailed in the CVEs that do not require restarting a server. These three vulnerabilities are unique and require separate workarounds depending on the exposure of an affected system; however, they can be thought of in terms of Internet Protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6) solutions.

The IPv4 workaround simply requires further hardening against the use of Source Routing, which is disallowed in Windows default state. This workaround is documented in CVE-2021-24074 and can be applied through Group Policy or by running a NETSH command that does not require a reboot. The IPv6 workarounds are documented in CVE-2021-24094 and CVE-2021-24086, and require blocking IPv6 fragments, which may negatively impact services with dependencies on IPv6.

It is important that affected systems are patched as quickly as possible because of the elevated risk associated with these vulnerabilities, and downloads for these can be found in the Microsoft Security Update Guide.

Comments Off on Critical Windows fix »

Posted in Microsoft, Security and Compliance, Technology

Microsoft 365 apps and services will no longer support IE 11

February 3rd, 2021

Last August Microsoft announced that Microsoft 365 apps and services will no longer support Internet Explorer 11 (IE 11) by August 2021

Since November 30, 2020, the Microsoft Teams web app no longer supports IE 11.
To access Microsoft Teams, use the desktop app or a supported modern browser like the new Microsoft Edge.

Beginning August 17, 2021, the remaining Microsoft 365 apps and services will no longer support IE 11.
This means that after the above dates, customers will either be unable to connect to Microsoft 365 apps and services on IE 11 or have a degraded experience – new Microsoft 365 features will not be available or certain features may cease to work when accessing the app or service via IE 11.
This change will be difficult for some users,

Customers have been using IE 11 since 2013 when the online environment was much less sophisticated than the landscape today. Since then, open web standards and newer browsers—like the new Microsoft Edge—have enabled better, more innovative online experiences.

Respecting investments in IE 11 web apps
IE 11 isn’t going away1and customers’ own legacy IE 11 apps and investments will continue to work. Customers may have made business-critical investments in IE 11 legacy apps and those apps are still functioning. While bridging between modern and legacy apps, many customers may have no choice but to rely on a two-browser workaround of using IE 11 alongside a modern browser. However, with the new Microsoft Edge and Internet Explorer mode, customers don’t need an awkward workaround of one browser for some app,s and another for other apps. They can standardize on one browser and seamlessly experience the best of the modern web in one tab while accessing a business-critical legacy IE 11 app in another tab – all housed within the new Microsoft Edge.

With native integration in Microsoft management, security, and productivity tools, we recommend the new Microsoft Edge to address customers’ compatibility and secure remote work needs. Microsoft Edge has SmartScreen built-in and has the highest-rated phishing and malware protection as measured by two independent studies. We will Microsoft engineers are ready to help customers in case they run into compatibility issues. For more information, see the ‘Help is available’ section below.

Note: Using Internet Explorer mode in the new Microsoft Edge will not help to extend IE 11 access to Microsoft 365 apps and services beyond the dates listed above. Microsoft 365 apps and services will stop supporting IE 11 on the dates listed.

Microsoft Edge Legacy makes way for the new Microsoft Edge
The new Microsoft Edge is a browser built on the Chromium open source engine with the latest in Microsoft enterprise capabilities. Since its release in January 2020, millions of users have upgraded their home and work browsers to the new Microsoft Edge. Additionally, new devices and future Windows feature updates (starting with Windows 10, version 20H2) will contain the new Microsoft Edge.

Microsoft is ending support for the Microsoft Edge Legacy desktop app on March 9, 2021.
After March 9, 2021, the Microsoft Edge Legacy desktop app will not receive new security updates.

We recommend that customers first read the detailed Microsoft article about how to plan for deployment. The article guides customers through key questions and offers a path forward for major steps in the transition to the new Microsoft Edge.

Next, customers determine what type of support you may need..
Customers with Microsoft Unified Support can reach out to Microsoft for t hat support service for help transitioning to the new Microsoft Edge.

Microsoft FastTrack is available at no additional charge to customers with 150 or more paid seats of Windows 10 Enterprise. To get started, submit a Request for Assistance through the FastTrack site.

For those customers who prefer to get started on their own, there are self-guided deployment and configuration materials, complete with a series from Microsoft Mechanics, ready on our Docs site.

App Assure
It is natural for customers to be concerned about compatibility when it comes to business-critical apps and sites.. The App Assure promise is this: if customers’ web apps and sites work on IE 11, supported versions of Google Chrome, or any version of Microsoft Edge (including Microsoft Edge Legacy), those web apps and sites should work on the new Microsoft Edge.

If not, then they can contact App Assure for remediation support here or by email (ACHELP@microsoft.com).

Assistance is provided in Traditional Chinese and Simplified Chinese (support specialists speak Mandarin only), English, French, German, Italian, Japanese, Korean, Portuguese (Brazil), and Spanish.

To learn more about the new Microsoft Edge, customers can view the How to Get Started End User Guide.
( Internet Explorer 11 is a component of the Windows operating system and follows the Lifecycle Policy for the product on which it is installed.)

Comments Off on Microsoft 365 apps and services will no longer support IE 11 »

Posted in Dynamics 365, Microsoft, Security and Compliance, Technology