The Australian Cyber Security Centre (ACSC), Microsoft and other vendors have recently issued a number of IT security alerts that require your attention. Please note that Maxsum Managed IT Services clients remain unaffected by these recent incidents and we provide the following details for your information only. We continue to monitor the situation closely and will advise of any updates where required.
If you have any questions, please feel free to contact your Maxsum Account Manager or our Service Delivery Team on 1300 629 786 or priority@maxsum.com.
Kaseya Supply-Chain Ransomware Attack
Background
A supply-chain attack on Kaseya, which provides management, monitoring and automation software for managed service providers (MSPs), has led to REvil ransomware infections among Kaseya customers around the world.
Whilst any supply-chain attack is of great concern to all managed service providers, in this instance, Maxsum clients are unaffected, as Maxsum does not utilise the Kaseya product for management and monitoring.
What’s happening right now
The malware appears to have been delivered through an automatic update of the Kaseya VSA client management and monitoring software. Downstream customers of MSPs using Kaseya VSA have then had their systems infected by REvil ransomware with files being encrypted. This attack is still in progress.
Kaseya has informed users that they have shut down their servers and advised their customers to switch off their instances as well.
Actions
As a Maxsum Managed IT Services client, you are not required to take any action. Maxsum does not use the Kaseya service for managed IT service management or monitoring. This notice is provided so that you can be reassured of your position.
Where a small number of legacy Kaseya instances have been identified, those clients have been contacted directly and their situations addressed separately.
PrintNightmare Windows Print Spooler Remote Code Execution Vulnerability
Background
We have been made aware via our security partners of a new security exploit potentially affecting all servers or virtual machines running Windows Server products. A similar vulnerability was patched in Microsoft’s June 8 Patch Tuesday update. Subsequently, however, a cybersecurity research company mistakenly published proof-of-concept work on a similar exploit that may now allow rogue users to compromise Active Directory domain controllers.
What’s happening right now
This current Windows Print Spooler Remote Code Execution Vulnerability, nicknamed PrintNightmare, can potentially allow a malicious or compromised user to execute code at the system level on a remote domain controller via the vulnerable Windows Print Spooler service running on a server or virtual machine. A separate Microsoft patch will be required and, although not yet available, is expected in the next round of patch updates.
Actions
You are not required to take any action.
At this point in time, we are continuing to scan all client environments for vulnerabilities and indicators of compromise. Additionally, until an official Microsoft patch is released, we have been advised to disable Print Spooler on vulnerable computers. Where this is not possible, it is critical that network access to those servers be limited as strictly as possible.
Maxsum has actioned the recommended protective steps. We will contact you with further advice if this current vulnerability is found to affect your systems specifically.
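For administrators who want to see what the Print Spooler mitigation looks like in practice, the following PowerShell script is an added example and not Maxsum's own tooling. It reports the Spooler service state on a list of servers and, only when run with -Disable, disables and stops it. The server names are hypothetical placeholders, and it assumes CIM/WinRM remoting is permitted to the target servers.

```powershell
# Added example: audit (and optionally disable) Print Spooler on a list of servers.
# Note: with the service disabled, the server can no longer print or act as a print server.
param(
    [string[]]$Servers = @('DC01', 'FILE01'),  # hypothetical host names, replace with your inventory
    [switch]$Disable                            # without -Disable the script only reports
)

$report = foreach ($server in $Servers) {
    $session = $null
    try {
        $session = New-CimSession -ComputerName $server -ErrorAction Stop
        $svc = Get-CimInstance -CimSession $session -ClassName Win32_Service `
                               -Filter "Name='Spooler'" -ErrorAction Stop
        $action = 'None'
        if ($svc -and $Disable -and ($svc.State -ne 'Stopped' -or $svc.StartMode -ne 'Disabled')) {
            # Change the start mode first so the service does not return after a reboot,
            # then stop the running instance. A ReturnValue of 0 means success.
            $mode = Invoke-CimMethod -CimSession $session -InputObject $svc `
                        -MethodName ChangeStartMode -Arguments @{ StartMode = 'Disabled' }
            $stopCode = 'n/a'
            if ($svc.State -ne 'Stopped') {
                $stop = Invoke-CimMethod -CimSession $session -InputObject $svc -MethodName StopService
                $stopCode = $stop.ReturnValue
            }
            $action = "ChangeStartMode=$($mode.ReturnValue); StopService=$stopCode"
            # Re-query so the report reflects the state after the change.
            $svc = Get-CimInstance -CimSession $session -ClassName Win32_Service `
                                   -Filter "Name='Spooler'" -ErrorAction Stop
        }
        [pscustomobject]@{
            Server    = $server
            State     = if ($svc) { $svc.State } else { 'NotInstalled' }
            StartMode = if ($svc) { $svc.StartMode } else { $null }
            Action    = $action
        }
    } catch {
        # Unreachable hosts are reported, not skipped, so they can be followed up.
        [pscustomobject]@{ Server = $server; State = 'Unreachable'; StartMode = $null
                           Action = $_.Exception.Message }
    } finally {
        if ($session) { Remove-CimSession -CimSession $session }
    }
}

$report | Format-Table -AutoSize
```

Any server still listed as Running, or reported as Unreachable, is a candidate for the network access restrictions described above.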
If you have any further questions, please reach out to your Maxsum Account Manager or to our Service Delivery Team on priority@maxsum.com or 1300 629 786.
Security Updates for Microsoft Edge Browser
Background
On June 24, 2021 Microsoft released updates for their Edge Browser addressing two vulnerabilities that an attacker could exploit to inject and execute malicious code.
What’s happening right now
ACSC encourages users and administrators to review the Release notes for Microsoft Edge Security Updates and apply the necessary updates.
Actions
To check if you are up-to-date, go to Settings > About Microsoft Edge. Your browser version should be listed as 91.0.864.59 or higher. If it is not, contact your IT admin or manually check for updates and restart the browser.
Security Updates for Google Chrome Browser
Background
On June 17, 2021 Google released Chrome version 91.0.4472.114 for Windows, Mac, and Linux.
What’s happening right now
ACSC encourages users and administrators to review the Chrome Release Note and apply the necessary updates.
Actions
To check if you are up-to-date, go to Settings > Help > About Google Chrome. Your browser version should be listed as 91.0.4472.114 or higher. If it is not, contact your IT admin or manually check for updates and restart the browser.
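The Edge and Chrome version checks above can also be scripted on a Windows machine. The following PowerShell is an added example, not part of the original notice. The minimum versions are the ones stated here, while the install paths are assumed default locations and may differ on your systems.

```powershell
# Added example: compare installed Edge and Chrome versions with the minimums in this notice.
$minimum = @{
    'Microsoft Edge' = [version]'91.0.864.59'
    'Google Chrome'  = [version]'91.0.4472.114'
}

# Assumed default install locations; adjust for non-standard deployments.
$candidates = @{
    'Microsoft Edge' = @(
        "${env:ProgramFiles(x86)}\Microsoft\Edge\Application\msedge.exe",
        "$env:ProgramFiles\Microsoft\Edge\Application\msedge.exe"
    )
    'Google Chrome'  = @(
        "$env:ProgramFiles\Google\Chrome\Application\chrome.exe",
        "${env:ProgramFiles(x86)}\Google\Chrome\Application\chrome.exe",
        "$env:LOCALAPPDATA\Google\Chrome\Application\chrome.exe"
    )
}

$report = foreach ($browser in $minimum.Keys) {
    $exe = $candidates[$browser] | Where-Object { Test-Path $_ } | Select-Object -First 1
    if (-not $exe) {
        [pscustomobject]@{ Browser = $browser; Installed = $null
                           Minimum = $minimum[$browser]; Status = 'NotFound' }
        continue
    }

    # Compare as [version] objects. Comparing the raw strings would sort
    # character by character and rank 100.x below 91.x.
    $installed = (Get-Item $exe).VersionInfo.ProductVersion -as [version]
    $status = if (-not $installed) { 'UnknownVersion' }
              elseif ($installed -ge $minimum[$browser]) { 'UpToDate' }
              else { 'UpdateRequired' }

    [pscustomobject]@{ Browser = $browser; Installed = $installed
                       Minimum = $minimum[$browser]; Status = $status }
}

$report | Format-Table -AutoSize
```

The script reads the version of the file on disk; an open browser keeps running the older build until it is restarted.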
More information about past and current alerts can be reviewed in the ACSC Alerts here.