Skip to content

July 2021 Security Alerts

Jul 5, 2021

Blog Security

A number of IT Security Alerts have recently been provided via the Australian Cyber Security Centre, Microsoft and other vendors that require your attention. Please note that Maxsum Managed IT Services clients remain unaffected by these recent incidents and we provide the following details for your information only. We continue to monitor the situation closely and will advise of any updates where required.

If you have any questions, please feel free to contact your Maxsum Account Manager or our Service Delivery Team on 1300 629 786 or priority@maxsum.com

Kaseya Supply-Chain Ransomware Attack

Background

A supply-chain attack on Kaseya, which provides management, monitoring and automation software for managed service providers (MSPs), has led to REvil ransomware infections among Kaseya customers around the world.

Whilst any supply-chain attack is of great concern to all managed service providers, in this instance, Maxsum clients are unaffected, as Maxsum does not utilise the Kaseya product for management and monitoring.

What’s happening right now

The malware appears to have been delivered through an automatic update of the Kaseya VSA client management and monitoring software. Downstream customers of MSPs using Kaseya VSA have then had their systems infected by REvil ransomware with files being encrypted. This attack is still in progress.

Kaseya has informed users that they have shut down their servers and advised their customers to switch off their instances as well.

Actions

As a Maxsum Managed IT Services client, you are not required to take any action. Maxsum does not use the Kaseya service for managed IT service management or monitoring. This notice is provided so that you can be reassured of your position.

Where a small number of legacy Kaseya instances have been identified, those clients have been contacted directly and their situations addressed separately.

PrintNightmare Windows Print Spooler Remote Code Execution Vulnerability

Background

We have been made aware via our security partners of a new security exploit potentially affecting all all Servers or Virtual Machines running Windows Server products. In this case, a similar vulnerability was patched during Microsoft’s June 8 Patch Tuesday update. However subsequent to that a cybersecurity research company mistakenly published a proof-of-concept work on a similar exploit that may now allow rogue users to compromise Active Directory domain controllers.

What’s happening right now

This current Windows Print Spooler Remote Code Execution Vulnerability, nicknamed PrintNightmare, can potentially allow a malicious or compromised user to execute code at the system level on a remote domain controller via the vulnerable Windows Print Spooler service running on a server or virtual machine. A separate Microsoft patch will be required and although not available as yet, is expected in the next round of patch updates.

Actions

You are not required to take any action.

At this point in time, we are continuing to scan all client environments for vulnerabilities and indicators of compromise. Additionally, until an official Microsoft patch is released, we have been advised to disable Print Spooler on vulnerable computers. Where this is not possible, it is critical that network access to those servers be limited as strictly as possible.

Maxsum has actioned the recommended protective steps. We will contact you with further advice if this current vulnerability is found to affect your systems specifically.

If you have any further questions, please reach out to your Maxsum Account Manager or to our Service Delivery Team on priority@maxsum.com or 1300 629 786.

Security Updates for Microsoft Edge Browser

Background

On June 24, 2021 Microsoft released updates for their Edge Browser addressing two vulnerabilities that an attacker could exploit to inject and execute malicious code.

What’s happening right now

ACSC encourages users and administrators to review the Release notes for Microsoft Edge Security Updates and apply the necessary updates.

Actions

To check if you are up-to-date, go to Settings > About Microsoft Edge. You’re browser version should be listed as 91.0.864.59 or higher. If it is not, contact your IT admin or manually check for updates and restart the browser. 

Security Updates for Google Chrome Browser

Background

On June 17, 2021 Google released Chrome version 91.0.4472.114 for Windows, Mac, and Linux.

What’s happening right now

ACSC encourages users and administrators to review the Chrome Release Note and apply the necessary updates.

Actions

To check if you are up-to-date, go to Settings > Help > About Google Chrome. You’re browser version should be listed as 91.0.4472.114 or higher. If it is not, contact your IT admin or manually check for updates and restart the browser. 


More information about past and current alerts can be reviewed in the ASCS Alerts here.

If you have any further questions, please reach out to your Maxsum Account Manager or to our Service Delivery Team on priority@maxsum.com or 1300 629 786.

Wishing you a Happy and Safe Festive Season. Our offices will be closed from 5pm Friday December 20 and will reopen Monday January 6. Holiday support arrangements are in place. Critical incidents can be logged by phone on 1300 629 786.