Category: information security

Posted on

Love It or Leave It? QuickBooks Desktop Needs Internet Explorer 11 and Microsoft Uninstalls It.

We all know that software companies recommend running current versions of their frameworks and applications. Often for security reasons, software developers regularly update their products to make them more capable of avoiding or fending off attack of various kinds. New feature and integration delivery and updated compatibility requirements are also big drivers of software updates. Especially as online threats increase and attack potential skyrockets, businesses need to keep their systems updated and secure, and a regular cadence of updates and upgrades makes good sense… but only when the potential impacts of the upgrade have been thoroughly explored. With Windows 10 and 11 and the improved Edge browser (improved over IE), users are loving the enhancements and features. QuickBooks desktop users, on the other hand, might have preferred that Microsoft just leave Windows browsers alone.

The Internet Explorer 11 desktop application will be retired and go out of support on June 15, 2022

Microsoft is removing Internet Explorer 11 on some Windows 10 computers, and it doesn’t come with Windows 11. According to Microsoft:

The future of Internet Explorer (“IE”) on Windows 10 is in Microsoft Edge. What does this mean for commercial organizations, IT admins, developers, and end users? Microsoft Edge brings you a faster, more secure, and more modern web experience than Internet Explorer. Also, Microsoft Edge with Internet Explorer mode (“IE mode”), is the only browser with built-in compatibility for legacy IE-based sites and apps.

As announced today, Microsoft Edge with IE mode is officially replacing the Internet Explorer 11 desktop application on Windows 10. As a result, the Internet Explorer 11 desktop application will go out of support and be retired on June 15, 2022 for certain versions of Windows 10.

Internet Explorer 11 has been an old technology browser for many years now, so it isn’t surprising that Microsoft is moving ahead with Edge. Browsers are used for far more than just viewing static web pages or bulletin-board chat rooms, so they have grown into frameworks that support a wide variety of processes and procedures. As browsers go, IE11 just doesn’t cut it any longer. But there is a hitch that can really mess up the (literally) millions of QuickBooks desktop users out there who innocently update their computers when Microsoft pushes it via Windows update.

IE11 gets removed from the machine, but QuickBooks desktop 2021 and earlier are dependent on IE11 to run

A little dependency is unavoidable in any good relationship where cooperation and compromise are involved. But being a little too dependent on another can be unhealthy and put a lot of stress on the relationship. Dependencies are among the things to consider any time a software update or upgrade is about to be installed. What relationship does the software about to be updated have to other applications or services installed? Is the new version going to get along with the other applications on the system, or will it even run on the current system? These are the things which should be closely looked at to avoid problems post-update.

Many users are already reporting problems opening their QuickBooks desktop software due to IE being removed from their Windows 10 computers. Microsoft has announced the retirement of IE11, but most users either don’t pay attention to those notices or they don’t really understand the implications. These are among the things that Mendelson Consulting and the NOOBEH cloud services teams pay attention to for you, so that we can help you avoid the things that keep your business from doing business.

If you find that your QuickBooks desktop software will no longer run due to IE having been disabled or removed on your computer, you can link here to find instructions on how to disable and enable Internet Explorer on Windows 10. This will get IE re-installed on your computer so that you can make your QuickBooks desktop software work again.

QuickBooks Desktop 2022 versions are compatible with Windows 11 and Edge browser

QuickBooks Desktop 2022 versions, including Pro, Premier and Enterprise editions, are certified as fully compatible with Windows 11 64-bit, but only if you have installed R3 or later. Other year versions of QuickBooks (and QB 2022 desktop running a prior update release level) may experience unexpected issues including problems with browser compatibility.

What’s the benefit of modernizing if it breaks your business?

Updating application software often means also updating your operating platforms. To keep your business running smoothly, you need to make sure to keep your computers and your application software up to date. It makes no sense to fix a vulnerability in one place but leave another open. Yet sometimes your software vendors don’t do things in an order that works for you, and you end up breaking something that the business depends on. This is where companies find additional value in what Mendelson Consulting and NOOBEH cloud services offer.

For customers running their QuickBooks desktop applications on the Microsoft cloud with NOOBEH, we got you covered. Among the many benefits of working with Mendelson Consulting and NOOBEH cloud services is that we help keep your business software and systems working for you, not against you. We stay up to date with the latest changes to platforms and software systems to ensure that compatibility and performance isn’t compromised. We help businesses leave their old systems and migrate to modern, agile cloud platforms that businesses love.

jm bunny feetMake Sense?

J

Posted on

Microsoft 365: Stay Updated or Lose Connectivity and Support

Microsoft Office is a staple of business software, setting the standard for productivity applications across the globe. Unfortunately, popularity often means “target” and the bad guys out there are gunning for your system, looking for vulnerabilities they can exploit. This is among the reasons to make sure your Office applications are staying up-to-date with the latest fixes and security features. The easiest way to do this is to turn on automatic updating for Windows via Microsoft Update so that your system gets Office updates for earlier versions of Office you might have installed, such as Office 2010 or an Office volume license install.

Security updates aren’t the only reasons to keep your systems up to date. Sometimes an update addresses compatibility with other applications or services. In recent days, Microsoft has reminded businesses of the roadmap for Microsoft 365 services where certain versions of the Office and Microsoft 365 applications will stop communicating with the Office 365 and Microsoft 365 services.

Microsoft Outlook for Windows

Effective as of November 1, 2021, older versions of Outlook for Windows (starting with Outlook 2007), will be unable to connect with Office 365 and Microsoft 365 services, including hosted Exchange mailboxes. Versions that are only a little bit out of date might work, but are likely to experience connectivity issues with the back-end services. Here’s the list of retired versions of Outlook for Windows:

  • Office 2007 All Versions
  • Office 2010 All Versions
  • Office 2013 Versions prior to 15.0.4971.1000 of Office 2013 (Service Pack 1 with the October 2017 Update)
  • Office 2016 MSI Versions prior to 16.0.4600.1000 of Office 2016 (With the November 2017 Update, KB 4051890)
  • Microsoft 365 Apps for enterprise;(formerly Office 365 ProPlus) 1705 and older
  • Microsoft 365 Apps for business(formerly Office 365 Business) 1705 and older

OneDrive sync on Windows

Microsoft is now aligning the OneDrive sync on Windows systems with the Windows operating system support lifecycle policy.  In short, OneDrive sync on Windows will only be supported on supported versions of Windows beginning in January 1, 2022, If your version of Windows is no longer being supported, then the OneDrive sync on those machines will no longer receive updates or fixes of any sort.

  • Windows 7 and Windows 8.1 will be supported until January 10, 2023
  • Windows 8 reached end of support on January 12, 2016

If you are running the OneDrive sync app on Windows 8.1, you will no longer receive feature updates but will receive security fixes until January 10, 2023.

If you are running the OneDrive sync app on Windows 7 (and are participating in the Extended Security Update (ESU) program), you will continue to receive critical and important security updates until January 10, 2023. Extended Security Updates don’t include new features, customer-requested non-security updates, or design change requests.

If you are running the OneDrive sync app on Windows 8, you will no longer receive updates or fixes of any kind, as Windows 8 is no longer supported.

Businesses concerned with keeping their systems up and running should take care to ensure that PCs and servers are updated with current, supported operating systems and application software. Ignoring PC updates and Windows upgrades can create unnecessary disruption and leads to lost productivity and lost profits. For PCs, Windows 10 or 11 is the OS to be running. For Windows servers, Server 2019 is the most current version.

Mendelson Consulting’s NOOBEH Cloud Services team knows how important it is to keep your core operating software and applications current, compatible and supported. That’s why we only deploy modern servers and current operating systems on the Microsoft Cloud platform, ensuring our hosted clients have the foundation they need to keep workers performing and operations running.

jm bunny feetMake Sense?

J

Posted on

The Question You Never Want to Have to Ask

Why MFA Shouldn’t Be Optional

“Do you offer any help for decrypting files due to ransomware?”

This is a question we are asked with more frequency than ever before. And, sadly, it is often followed up with the information that their files were on “an internal server that was missed in the backup protocol by IT”.

Email phishing and brute force attacks are the most common methods cyber criminals use to get into your business network where they can set up to initiate ransomware attacks. The ransomware (malware) encrypts your data, which becomes unrecoverable without the decryption key. Usually, the only way to recover from a malware/ransomware attack is to rebuild systems and restore data from backups. If you have backups.

A “brute force” attack is typically used to get personal information such as passwords or passphrases, usernames, and Personal Identification Numbers (PINS). Scripts or specialized apps are used to carry out a string of continuous attempts to get the information desired. Cybersecurity researchers at Coveware analyzed ransomware attacks during the second quarter of 2021 and found that phishing and brute force attacks on unsecured desktops (remote and local) are among the most popular entry points for starting ransomware attacks. This is at least partly because it is relatively cheap and can be highly effective.

Phishing attacks are when cyber criminals send emails containing a malicious file attachment or hyperlink directing to a compromised website that delivers ransomware. Attacks against desktop logins include methods where cyber criminals use brute force to leverage weak or default usernames and passwords – or even get access because they got legitimate login credentials via a phishing email.

Software vulnerabilities and web-based application services are also among the popular vectors for delivering ransomware or exposing corporate networks to cyber criminals. While this type of attack is somewhat less frequent than the others, they are often leveraged by some of the most sophisticated and disruptive ransomware groups and nation/state bad actors.

  • Sodinokibi – also known as REvil – is responsible for some of the most high-profile ransomware attacks this year, including the massive ransomware attack on customers of Kaseya.
  • Contij – one of the most high-profile attacks by the group was the attack against the Irish healthcare system. Healthcare services across Ireland remained disrupted for months.
  • Avaddon – ransomware distributed via phishing emails.
  • Mespinoza and Hello Kitty are new forms of ransomware recently identified.

All of these have a common purpose in that they take advantage of weaknesses in security and exploit phishing tactics to lay the foundation for an attack on your network and possibly others.

Keeping systems updated, applying security patches and application software updates is an important aspect to keeping things secure. Known vulnerabilities can be exploited to gain access to the network, so keeping up with updates as the vendor supplies them has become more important than ever.

To help protect networks from being compromised, businesses should also apply multi-factor authentication (MFA) to desktop and applications.

MFA is an important tool to help stop intruders from breaching accounts and gaining access to the corporate network, and it can be the difference between keeping your data safe and working or discovering your files are digitally encrypted and completely unusable. Data encryption changes the data into code, and only the decryption key can read the code and return the data to a useable form. If you don’t have the key, the data typically cannot be decrypted.

Cyberattacks continue to evolve in their sophistication and frequency, and consequences of such attacks are growing. Private companies and public agencies alike must adapt their security techniques and embrace new security technologies while providing more end-user education and training.

Mendelson Consulting and NOOBEH Cloud Services take security very seriously and we have the experience and expertise to assist businesses with transforming their operations to be more efficient and effective. Our cloud team works exclusively with private tenant accounts on Microsoft Azure, and offers MFA security and other solutions to protect local and remote resources, helping keep your valuable information safe and available when you need it.

“How can we get started?” is the question you should be asking.

jm bunny feetMake Sense?
J

Posted on

Considering Cybersecurity as Cloud Work Expands

When the pandemic forced many business users to move to remote work, it also forced the network security “boundary” to expand greatly and with great speed. Companies quickly adapted their tools and work so that it could be done somewhat effectively even as the employee working environment changed.  But new security models to match with new working models have not as quickly been adopted.

Business cloud workloads grew, by some estimates, as much as 20% just in the first 6 months of 2020. Yet many of those businesses electing to bring cloud working models to their business also made of the mistake of not expanding their security as they expanded the cloud network. This leaves systems and information vulnerable. Phishing, ransomware, credential theft and web app attacks have increased, catching businesses in their vulnerable states.

“In April to June of 2020 alone, security incidents increased by 188%.”

Even more than on-premises systems, it was the external cloud-based data and applications that were under attack because so many companies expanded their use of cloud services without enhanced security as part of the plan. Any expansion to include the cloud as network also significantly increases security risks. One report found that 35% of businesses made their cloud storage openly accessible to the public, allowing anyone to access it via the internet.

Don’t let your critical information be exposed or put at risk. When you begin using a cloud service, make sure to also address security for the new working mode or it could lead to lost or leaked information or a system breach.

Mendelson Consulting and NOOBEH cloud services take security very seriously. We help our clients keep their applications and data working properly and have a focus on methods to keep information safe regardless of what cloud you work on.

jm bunny feetMake Sense?

J

1 ( https://duo.com/blog/growing-security-safely-in-canada )

Posted on

Building A Solid Foundation for Business Cybersecurity

The cybersecurity threat landscape has changed dramatically in the last few years. No longer primarily a big-business concern, cybersecurity has become a key focus of businesses small and large. Attacks on SMBs are on the rise, perhaps because they represent a plentiful and often easy target. And the cost of damage and disruption to business just keeps going up.

Cybersecurity is not a problem you can simply throw a bunch of money and tools at to fix.

No matter how much great software or fancy systems you implement, the people will always be a big part of the equation. The root cause of over half the data breaches reported is a result of negligent employees or contractors.

That means that nearly half of all attacks are being executed through phishing or social engineering. The only tool you can apply to this problem is education. Efforts should be focused on security awareness and training workers to be more cautious to the point of almost being paranoid. Better to be safe than sorry in this case.

Training workers to be more careful as they work with emails, documents and websites is part of it, but there is much more to making sure the business is addressing the entire cybersecurity issue. NIST (National Institute of Standards and Technology) offers a wide variety of information and guides that businesses can use to learn more about and implement cybersecurity practices. Among these resources is the Cybersecurity Framework.

According to NIST, “the Framework focuses on using business drivers to guide cybersecurity activities and considering cybersecurity risks as part of the organization’s risk management processes.” It is a highly useful tool in helping the business align and prioritize activities with business requirements, risk tolerances and resources. The standard framework includes elements that are consistent and common across sectors and critical infrastructure, so it can be oriented to any business.

Even if the business is not prepared to delve into the details of a comprehensive cybersecurity policy and guideline, a basic outline and approach cannot be avoided without asking for disaster.

Putting this squarely into the Risk Management category, there is an ongoing process of identifying, assessing, and responding to risk situations or conditions. To manage the risk, businesses need to consider the likelihood that an event will occur and what the potential impact is as a result.

Knowing the acceptable level of risk for reaching the business objective is the risk tolerance. If a business understands its risk tolerance, the company can prioritize cybersecurity activities and make informed decisions about cybersecurity expenditures.

There are five key functions to consider as it relates to cybersecurity risk: Identification, Protection, Detection, Response and Recovery. How the business addresses each of these in the context of the systems and activities is essentially the business’s cybersecurity posture, a high-level and somewhat strategic view of the organization’s management of cybersecurity risk.

The key to building a solid foundation for  business cybersecurity practice is to establish a platform where all the business applications and data can be identified and access secured.

User desktops, productivity applications, operational software and business data can be hosted on private cloud servers, allowing the business to fully-manage data and application access. The server-based model reduces or eliminates the need to sync data to devices, and remote desktops keep user environments secure, patched and up-to-date.

Our consultants can’t write your cybersecurity policies or determine your risk tolerance, but we can help implement a solution that improves fault tolerance, resilience, and recovery.

Make Sense?

J

Posted on

Windows Server 2012/R2 Not Aging Well, Loses Support for Microsoft 365 Apps

Lots of people loved (and continue to love and use) Windows Server 2012/R2. This Windows Server release introduced several new and improved features that made it a cornerstone of business and service provider networks worldwide. Notable improvements in virtualization with Hyper-V, along with improvements in storage, networking, remote access and server administration features, made 2012/R2 a necessary upgrade from the 2003 and 2008 versions still present in many networks.

Sadly, even though Release 2 (R2) for Server 2012 was largely a new OS due to its features and capabilities, it did not receive a new lifecycle end date and instead inherited the end dates for 2012 version. And an extended lifecycle end-date doesn’t guarantee extended usefulness or compatibility.

Windows Server 2012 began with mainstream support on October 30, 2012 and that mainstream support ended in January 2018, including for R2. Extended support for 2012/R2 goes through January 2023, but that is only if you are paying for Software Assurance for your licenses.

During this period where extended support may still be available for the OS, there is no guarantee that it will remain as a supported platform for your application software. An example of this is the Microsoft Office 365 Apps suite formerly known as ProPlus. The Office 365 apps, which include Outlook, Word, Excel, Powerpoint and more, are staples of business users worldwide. These applications are no longer supported on Windows Server 2012/R2.

Microsoft 365 Apps ended support on Windows Server 2012/R2 on January 14, 2020.

Innovative features and functionality continues to be released for the Microsoft 365 Apps and Microsoft needs to know that the platforms running the applications will work properly with those innovations. As the software is improved and new capabilities introduced, stability and performance issues can plague the install when it is running on older or unsupported operating systems.

Microsoft has pointed out that any Microsoft 365 Apps updated to version 2005 or later will result with functionality and stability problems because there are changes that are specifically not compatible with Windows 8 and Windows Server 2012.

The pace of change is increasing no matter what industry you are in. With technology adoption rates rising faster than ever in all sectors, business owners cannot rely upon outdated systems if their operations are to remain competitive. Application software as well as the operating system platforms it runs on must be regularly updated in order to provide the reliable performance and useful functionality demanded by today’s business users.

jmbunnyfeetMake Sense?

J