Zero-Day Security Vulnerability in Chrome, Firefox and Others

Google Chrome, Microsoft Edge, Mozilla Firefox and Apple’s Safari browser have all been impacted by a single zero-day vulnerability. The flaw, tracked as CVE-2023-4863, is caused by a heap buffer overflow in the WebP code library. Once exploited it can lead to system crashes and arbitrary code execution, where hackers can gain control over an infected device.

Where Does it Originate?

CVE-2023-4863 was first identified by researchers at The Citizen Lab, a research arm of the University of Toronto. The institution subsequently informed Google and Apple of the vulnerability’s existence. Both companies have now released patches. They were joined by Microsoft and by Mozilla, which released its own advisory on CVE-2023-4863 yesterday along with updates for several versions of its Firefox browser and Thunderbird email client.

 

Vulnerability Originates In WebP Reader

Users of the affected browsers should update to the most up-to-date version in order to ensure the zero-day vulnerability is patched on their machines. The problem isn’t with the browsers — the vulnerability originates in the WebP Codec. Many applications use the WebP codec and libwebp library to render WebP images.

 

In more detail, a heap buffer overflow in WebP allowed attackers to perform an out-of-bounds memory write. A heap buffer overflow occurs when a program writes more data into a heap-allocated buffer than the buffer can hold, so the excess overwrites adjacent memory, and attackers can use this to insert malicious code. Since this particular heap buffer overflow targets the codec (essentially a translator that lets a computer render WebP images), the attacker could create an image in which malicious code is embedded. From there, they could steal data or infect the computer with malware. The vulnerability was first detected by the Apple Security Engineering and Architecture team and The Citizen Lab at The University of Toronto on September 6.
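The bug class described above, as an added example that is not from the original article and is not libwebp's code: a toy run-length image decoder (a constructed format, not WebP) whose output buffer is sized from the header while the amount written is driven by the file's run counts. `decode_unchecked` shows the vulnerable shape and `decode_checked` validates every run against the remaining space first; all names and sample bytes are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy run-length "image" (constructed format, not WebP):
 * byte 0 = width, byte 1 = height, then (count, value) pairs. */

/* Vulnerable shape: the buffer is sized from the header, but how much gets
 * written is driven by the run counts, which the file's author also controls. */
uint8_t *decode_unchecked(const uint8_t *in, size_t len) {
    size_t cap = (size_t)in[0] * in[1];
    uint8_t *out = malloc(cap), *p = out;
    if (!out) return NULL;
    for (size_t i = 2; i + 1 < len; i += 2) {
        memset(p, in[i + 1], in[i]); /* never compared with cap: heap overflow */
        p += in[i];
    }
    return out;
}

/* Hardened: each run is checked against the space left before any write.
 * Returns 0 and sets out and out_len on success, -1 on malformed input. */
int decode_checked(const uint8_t *in, size_t len, uint8_t **out, size_t *out_len) {
    if (!in || len < 2 || (len - 2) % 2 != 0) return -1; /* truncated input */
    size_t cap = (size_t)in[0] * in[1];  /* at most 255 * 255, cannot wrap */
    if (cap == 0) return -1;
    uint8_t *buf = malloc(cap);
    if (!buf) return -1;
    size_t used = 0;
    for (size_t i = 2; i < len; i += 2) {
        size_t run = in[i];
        if (run == 0 || run > cap - used) { free(buf); return -1; }
        memset(buf + used, in[i + 1], run);
        used += run;
    }
    if (used != cap) { free(buf); return -1; } /* underfilled image: reject */
    *out = buf;
    *out_len = cap;
    return 0;
}

/* Constructed samples: a valid 2x2 image, and one whose runs exceed 2x2. */
static const uint8_t SAMPLE_OK[] = {2, 2, 3, 0xAA, 1, 0xBB};
static const uint8_t SAMPLE_BAD[] = {2, 2, 200, 0x41, 200, 0x41};

int main(void) {
    uint8_t *px = NULL;
    size_t n = 0;
    printf("valid:   %d\n", decode_checked(SAMPLE_OK, sizeof SAMPLE_OK, &px, &n));
    free(px);
    px = NULL;
    printf("crafted: %d\n", decode_checked(SAMPLE_BAD, sizeof SAMPLE_BAD, &px, &n));
    return 0;
}
```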

How Dangerous Is This Flaw?

Since many browsers, including Microsoft Edge, Brave, Opera, and Vivaldi, are built on the Chromium platform, the same platform that Chrome is based on, this could affect their users as well. The same risk also applies to Firefox browser clones.

 

Such a widespread exploit in ubiquitously used software is dangerous, widening the attack surface for most organizations.

 

Patching will mitigate the risk, but users must act quickly as hackers will already be at work. Attackers will be working over the coming days and weeks to make the exploit more reliable, meaning remote code execution will be more likely. Modern web browsers are exceptionally good at pushing out security updates rapidly and applying them as quickly as practicable, so users will shortly be protected.

 

The biggest risk is to organizations which don’t allow automatic updates and push out updates at their own release schedule.

What Steps Should You Take?

Google, Mozilla, Brave, Microsoft and Tor have released security patches for this vulnerability. Individuals running those apps should update to the latest version. In the case of other applications, this is an ongoing vulnerability for which patches may not exist; NIST noted that the vulnerability has not yet received full analysis.

 

If you are already a Managed Services client, please follow the steps below to check for updates:

Google Chrome – Click the 3 dots in the top right corner for the menu and choose Help->About Google Chrome. Chrome will check and install updates automatically from this screen.

Microsoft Edge – Click the 3 dots in the top right corner for the menu and choose Help and feedback->About Microsoft Edge. Edge will check and install updates automatically from this screen.

Mozilla Firefox – Click the 3 lines in the top right corner for the menu and choose Help->About Firefox. Firefox will check and install updates automatically from this screen.

If you have any questions, please email us at support@sjtechies.com or call us at (856) 745-9990

Windows 10: The end of computing as we know it

IT leaders considering a Windows 10 migration as a cornerstone initiative risk having a focus that is a decade behind.

Microsoft and I have been “partners” in computing since my father brought home a strange beige box with MS-DOS 2.11 installed. I remember a few years later shuffling through a half-dozen 3.5-inch floppy disks and watching in amazement as my C:\> prompt was replaced with the seemingly magical Windows 3.0 user interface, kicking off years of computing bliss (and occasional frustration) with the famed Wintel alliance at my side.

Much as my early days of computing were defined by Microsoft, CIOs, and even average computer-using “civilians,” hung on the company’s every announcement. A Service Pack release, let alone a new version of Windows, was a cornerstone item in most IT project portfolios. In the past few years, a confluence of developments brought us to today, where Windows 10 — Microsoft’s soon to be latest and greatest OS update — barely registers on most CIOs’ radars.

The end of desktop dominance

Sales of traditional desktops and laptops, and now even tablet computers, have been fading for several years. Perhaps the greatest contributor to this trend is the rise of hosted applications, whether they’re public web apps like Gmail, heavy-duty enterprise applications accessed through a browser, or cloud offerings. Increasingly, Windows is merely a portal to get to the web-based tools we need to get our jobs done.

Even the web browser, once the subject of complex anti-trust lawsuits and one of the greatest “battles” in technology history, has become largely irrelevant. Whether Chrome, Firefox, IE, or Safari is the “weapon of choice,” they’re now about as relevant to how we consume computing services as a Samsung TV vs. a Sony TV is to experiencing the latest episode of Game of Thrones.

The failed “Windows Everywhere” gambit

Microsoft did something bold with Windows 8 by attempting to create an OS that transparently adapted to the user’s device. Dock your tablet, and the OS would theoretically adapt to a keyboard and mouse-centric computing experience. For developers, write a single “Modern” app and easily run it on a variety of Microsoft products from Xboxes to phones.

Unfortunately, the gamble failed. Windows 8 was panned by enterprise customers, most of whom migrated from XP to Windows 7 as support for XP ended, even though Windows 8 was an available option. Consumers were confused by the new user interface, and developers opted to follow the money to the Android and iOS platforms.

Windows 10 promises to rectify many of the failures of Windows 8, much as Windows 7 helped the company regain its footing after stumbling with Vista. However, we’re in a very different place than the summer of 2009, when the iPhone was still largely scoffed at as a “serious” enterprise device, and most corporate software still ran on fat clients that necessitated a capable desktop. The world was clamoring for a better Windows; now, most of that excitement is reserved for the latest Android device or iPhone.

Freeing Windows

Microsoft seems to have recognized this trend, and has made upgrades to its desktop OS free for consumers and made its crown jewel, Microsoft Office, available on platforms ranging from Android phones, to Mac desktops, to web browsers. Rather than a destination in itself, the desktop is now a gateway to a company’s cloud offerings like iTunes, Azure, Siri, and Cortana. Even Google is in on this game, offering its own platform with just enough muscle to get a user online and connected to Google’s portfolio of services.

The bottom line for IT leaders

Even though Windows 10 may be relevant to your organization, it doesn’t mean you should let Microsoft define your enterprise computing strategy. It seems even the vaunted company realizes that Windows is little more than a gateway to higher value services. As IT leaders, we need to make sure we’ve acknowledged the same trend.

Have questions?

Get help from Microsoft’s Cloud Solutions Partner.
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LLC is a full Managed Web and Technology Services Company providing IT Services, Website Design Services, Server Support, Network Consulting, Internet Phones, Cloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.

Windows 10’s new features, how they work and how you can make them work for you.

The final version of Windows 10 won’t be available until 2015, but that doesn’t mean you can’t live the Windows 10 experience — the extremely pre-final experience — right now.

The technical preview is available right now and although things will likely change drastically between now and release, now’s a good chance to get acquainted.

And keep checking back. As the months close in on the new OS’s final release, expect all our How To coverage to be posted right here.

Windows 10 Technical Preview: 1


Build 10049 of the Windows 10 Pro Technical Preview just dropped, and with it comes Microsoft’s sexy, speedy new browser: Project Spartan.

The next-gen browser has several new features to try out, including a distraction-free reading view and a fast, secure rendering engine (which was available as an experimental feature in Build 9926). But the coolest new feature is inking — the ability to draw, write on, and generally mark up Web pages from directly within the browser. You can share your marked-up creations via email or through social networks, or you can save them to OneNote.

Start inking

When you see a Web page you want to “ink,” click the small icon that looks like a pen and paper in the upper right corner of the browser window. There are only about five icons total, so this shouldn’t be too difficult to find.

The Web page will refresh and the inking toolbar will appear over the regular toolbar. On the left side of the inking toolbar, you’ll see five icons: Pen, highlighter, eraser, text, and clip. The pen tool is selected by default, so you can just start scribbling away if you’d like (in medium thickness, light blue ink). If you want to change the color of your pen, click the pen icon to choose from 12 colors and three sizes.

To use a highlighter, which will let you highlight text and images instead of drawing over them, click the highlighter button. Click the highlighter button a second time to select your highlighter color and shape (six colors, three shapes).

Type some comments


If you prefer typing to writing or drawing, you can use the text tool to make comments on the webpage. The text tool is a little different from the pen and highlighter tools: Instead of letting you put text wherever you want on the page, this tool lets you drop a comment pin and type text in a corresponding text box on the right side of the page. You can minimize the text box (the pin will remain visible) for less clutter.

When you select the text tool, your pointer will turn into a cross-hair. Click anywhere on the page to drop a comment pin. The pin will appear where you click, and a thin line will connect it to a corresponding text box on the right side of the page.

Click inside the text box to type your comment. To minimize the box, you can either click the minus sign in the upper right corner of the box, or you can click the corresponding comment pin. To delete both the comment pin and the text box, click the trash can icon in the lower right corner of the text box.

The clipping tool will also turn your cursor into a cross-hair, so you can clip out a section of the page. It works similarly to the Snipping Tool — click the clipping tool icon, and the page will fade out until you select a section of it. Once you have a section selected, you’ll see a small copy icon in the lower right corner; click this to copy your clip (you can paste it into another program, such as Microsoft Paint, if you want to save it).

Don’t make any mistakes

As of right now, the eraser tool doesn’t do much. If you click on it, nothing happens. If you click on it again, a “Clear All” box appears, which you can click to clear the Web page of annotations.

I assume the eraser tool will be fixed before Project Spartan goes public, because right now there’s no way to fix an annotation mistake without clearing the entire page and starting over.

Share or save your masterpiece

On the right side of the inking toolbar, you’ll see a save icon and a share icon. To save your newly-annotated webpage, click the save icon.

Right now, Project Spartan will let you save your marked-up page as an HTML file – that is, you can add it to your Favorites or your reading list. In the future, you’ll also be able to save your projects in OneNote.

To share your work, click the share icon to open up Windows 10’s sharing sidebar. Because this is such a new build, Project Spartan’s sharing capabilities don’t appear to be turned on – but when they are, you’ll be able to share your creation with any app that supports Windows’ sharing sidebar.

Have questions?

Our small business team is here to help.
Call us at: 856-745-9990


Important: Internet Explorer Vulnerability

IMPORTANT INFORMATION: US-CERT and UK security agencies warn users to stop using Internet Explorer because of the severity of this security hole, which has been used in “limited, targeted attacks.”

The United States Computer Emergency Readiness Team (US-CERT) released an alert on April 28, 2014 regarding vulnerabilities in Microsoft’s Internet Explorer. Internet Explorer versions 6 through 11 are susceptible to attacks that exploit the Remote Code Execution Vulnerability.

US-CERT Vulnerability Note VU#22292

Microsoft Security Advisory 2963983

Workarounds:

Basic protection includes installing anti-malware software, enabling a firewall and applying all Windows/Microsoft updates. In addition to basic protection, we recommend taking the extra preventative steps listed below. It is not necessary to apply all of the following workarounds; apply one to help protect your system and data.

Enable Enhanced Protected Mode

    1. Open IE 10 or IE 11.
    2. Click the Tools menu and select Internet Options.
    3. In the Internet Options window, click the Advanced tab.
    4. Scroll down the list of options until you see the Security section, click the checkbox to Enable Enhanced Protected Mode.  For IE 11 in a 64-bit version of Windows, you also need to click the checkbox to “Enable 64-bit processes for Enhanced Protected Mode”.
    5. Restart IE to force the new settings.

Change Access Control List and unregister VGX.DLL:

32-Bit Systems:

      1. Open elevated Command Prompt (Run as Administrator)
      2. Run the following command:
        "%SystemRoot%\System32\regsvr32.exe" -u "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"
      3. Click OK to close Dialog Box confirming un-registration has succeeded.

64-Bit Systems:

      1. Open elevated Command Prompt (Run as Administrator)
      2. Run the following command(s) separately:
        "%SystemRoot%\System32\regsvr32.exe" -u "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"
        "%SystemRoot%\System32\regsvr32.exe" -u "%CommonProgramFiles(x86)%\Microsoft Shared\VGX\vgx.dll"
      3. Click OK to close Dialog Box confirming un-registration has succeeded.

Windows XP and all other users.

All users who cannot follow the recommendations from Microsoft are urged to use a different web browser. For secure download(s) of Google Chrome or Mozilla Firefox, please follow the links provided.

For assistance with changing IE settings or installing a new browser, please contact us at 856-745-9990 or click here.

 

Chrome Passes IE As Top Used Web Browser

Google Chrome Just Passed Internet Explorer To Become The World’s Most Popular Web Browser

After months of chipping away at its lead, Google Chrome has finally overtaken Internet Explorer to become the most popular web browser worldwide. Chrome’s share of the market rose to 32.8% in the week ending May 20, while Internet Explorer’s share of the market dropped to 31.9%, according to new data from StatCounter, via TheNextWeb. This marks the first full week that Chrome has beaten Explorer. Google’s browser had previously topped Explorer for a single day back in March. Mozilla’s Firefox is the third most popular browser with just more than 25% of the market.

Google Chrome:

Google Chrome is a web browser developed by Google that uses the WebKit layout engine and application framework.

It was first released as a beta version for Microsoft Windows on 2 September 2008, and the public stable release was on 11 December 2008.

The name is derived from the graphical user interface frame, or “chrome”, of web browsers. As of October 2010, Chrome was the third most widely used browser, with 8.47% of worldwide usage share of web browsers, according to Net Applications.

 

In September 2008, Google released a large portion of Chrome’s source code, including its V8 JavaScript engine, as an open source project entitled Chromium. This move enabled third-party developers to study the underlying source code and help port the browser to Mac OS X and Linux.

A Google spokesperson also expressed hope that other browsers would adopt V8 to improve web application performance. The Google-authored portion of Chromium is released under the permissive BSD license, which allows portions to be incorporated into both open source and closed-source software programs.

Other portions of the source code are subject to a variety of open-source licenses. Chromium implements the same feature set as Chrome, but lacks built in automatic updates and Google branding, and most notably has a blue-colored logo in place of the multicolored Google logo.

History

For six years, Google’s Chief Executive Eric Schmidt was against the idea of building an independent web browser. He stated, “At the time, Google was a small company,” and he didn’t want to go through “bruising browser wars”.

However, after co-founders Sergey Brin and Larry Page hired several Firefox developers and built a demonstration of Chrome, Mr. Schmidt admitted that “It was so good that it essentially forced me to change my mind.”
