{"id":12316,"date":"2024-08-13T16:08:09","date_gmt":"2024-08-13T04:08:09","guid":{"rendered":"https:\/\/kinetics.co.nz\/?p=12316"},"modified":"2024-08-13T16:08:09","modified_gmt":"2024-08-13T04:08:09","slug":"urgent-security-advisoryfrom-microsoft","status":"publish","type":"post","link":"https:\/\/new.kinetics.co.nz\/?p=12316","title":{"rendered":"Urgent Security Advisory (from Microsoft)"},"content":{"rendered":"\n[et_pb_section fb_built=”1″ theme_builder_area=”post_content” _builder_version=”4.27.0″ _module_preset=”default”][et_pb_row _builder_version=”4.27.0″ _module_preset=”default” theme_builder_area=”post_content”][et_pb_column _builder_version=”4.27.0″ _module_preset=”default” type=”4_4″ theme_builder_area=”post_content”][et_pb_text _builder_version=”4.27.0″ _module_preset=”default” theme_builder_area=”post_content” hover_enabled=”0″ sticky_enabled=”0″]

We have been alerted to an issue with some Microsoft Office products.\u00a0 The vulnerability is reported to be actively exploited and we expect Microsoft will expedite the release of fixes.\u00a0<\/p>\n

Zero-day means that this is an immediate high risk and we are advised that it is already being exploited.\u00a0<\/b><\/h2>\n

Who is impacted?\u00a0<\/strong><\/h3>\n
    \n
  • Microsoft Office 2016 for 32-bit and 64-bit editions<\/li>\n
  • Microsoft Office LTSC 2021 for 32-bit and 64-bit editions<\/li>\n
  • Microsoft 365 Apps for Enterprise for 32-bit and 64-bit systems<\/li>\n
  • Microsoft Office 2019 for 32-bit and 64-bit editions<\/li>\n<\/ul>\n

    \u00a0What needs to happen?<\/strong><\/h3>\n

    There are three recommended courses of action.\u00a0 Kinetics is focusing on the firewall recommendation as it has the low probability of a negative impact.\u00a0 This recommendation is to block an outbound port on all firewalls.\u00a0 The possible impact would be that access to Azure file shares (that is not SharePoint) may fail.\u00a0 We have already tested this on our system, with no negative results.\u00a0 If you do use Azure file shares, there will be other steps we can take.<\/p>\n

    We expect the change to take an hour of engineering time per firewall.<\/p>\n

    How are Kinetics progressing this?<\/strong><\/h3>\n

    A team is currently working through all our KARE clients.\u00a0\u00a0\u00a0 We are starting with those who are supplied a firewall through us, then those who we patch manage firewalls for.\u00a0 After that it will be all remaining KARE clients.<\/p>\n

    As soon as patches are available we will be deploying those across all clients with KARE Foundation,\u00a0 and those left on the older “Core Fundamentals” and “Premium KARE” plans.<\/p>\n

    Those clients that are not on a KARE agreement, please contact requsets@kinetics.co.nz or your account manager.<\/p>\n

    FAQ:\u00a0If I wait for the patch, do I need the firewall change?<\/strong><\/h3>\n

    We recommend the firewall change.\u00a0 We are adding it to our default configuration.\u00a0 This will help protect against future events of a similar type.\u00a0 UIt is not expensive to make the change (an hour maximum) and is sensible in this situation.\u00a0<\/p>\n

    FAQ: What other protection do I have?<\/strong><\/h3>\n

    KARE Foundation clients have many layers of protection.\u00a0 Our browser security uses AI to look for websites that maybe compromised.\u00a0 Foundation clients also have our EDR which will also be looking for signs of nefarious activity<\/p>\n

    \u00a0We will continue to monitor the security threads on this matter.<\/p>[\/et_pb_text][\/et_pb_column][\/et_pb_row][\/et_pb_section]\n","protected":false},"excerpt":{"rendered":"

    We have been alerted to an issue with some Microsoft Office products.\u00a0 The vulnerability is reported to be actively exploited and we expect Microsoft will expedite the release of fixes.\u00a0 Zero-day means that this is an immediate high risk and we are advised that it is already being exploited.\u00a0 Who is impacted?\u00a0 Microsoft Office 2016 […]<\/p>\n","protected":false},"author":5,"featured_media":11735,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[4,5],"tags":[],"class_list":["post-12316","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","category-security"],"_links":{"self":[{"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/wp\/v2\/posts\/12316","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=12316"}],"version-history":[{"count":0,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/wp\/v2\/posts\/12316\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/"}],"wp:attachment":[{"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=12316"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=12316"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=12316"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}