Security Updates: A Microsoft Office 365 Flaw and the End of Internet Explorer
Updates to software applications are continually being released by their publishers. Sometimes updates are released to address security issues, sometimes they introduce new features, while other times they retire features. Regardless of the reason for these changes, users can only avoid updates for so long. Eventually you will want to update your application before it fails to work with other programs. Keep in mind, while some changes can be tedious, it is never a good idea to skip security updates.
This post discusses a recently discovered flaw in Microsoft's Office 365 OneDrive application and the end of life for Internet Explorer.
Security Updates: A Microsoft Office 365 Flaw and the End of Internet Explorer
Both items in this post are Microsoft products, and while there are certainly other security issues, these two were chosen because Microsoft's products are widely used and have the potential to affect many users.
Office 365 OneDrive flaw
A security flaw that allows ransomware to encrypt files stored in SharePoint and OneDrive was recently revealed by Proofpoint. Ransomware is an attack that encrypts the files on an infected device, as well as any physically attached devices, and any data it can traverse using locally mapped drives. This robustness is part of what makes ransomeware so effective.
The flaw that was discovered includes a series of steps that allows access to a users' SharePoint or OneDrive online account. With access, the attacker can manipulate the victim's files. Most importantly, the attacker can lower the number of stored file revisions, which is critical to data recovery. Reducing the number of revisions lowers the victim's ability to recover from a ransomware attack. At this point the attacker encrypts the remaining files using ransomware before contacting the victim and trying to collect money for the decryption key.
What you need to know: Ransomware is a real threat, regardless of how it is delivered. The only true protection from a ransomware attack is a full backup that is stored offsite. This flaw affects cloud-based file storage, which means even offsite files can be at risk. This is an example of why backups are still necessary even when you have files stored in the cloud.
What you should do: Be sure you have backups with file versioning that is not affected by this flaw. Microsoft's cloud-based file storage solutions - SharePoint and OneDrive - do not promise backups of your data if something happens to your files so it is important to have backups in addition to SharePoint or OneDrive file storage.
Internet Explorer end of life
Internet Explorer is a web browser that was first introduced in 1995 and went through a number of upgrades over the years. Like many applications, Internet Explorer has reached its end of life for support and has been replaced with a new web browser from Microsoft. Most people will have been exposed to Microsoft's Edge browser by now, as it was released with Windows 10, but may not have committed to leaving Internet Explorer behind.
With Internet Explorer being supported for so many years, there are tons of applications that were dependent upon it, building their application around its interface and functionality. This means there are users who still have legacy software that relies upon Internet Explorer.
This can be because the publisher of the application is no longer around, because the publisher is no longer releasing newer versions of the software, or any other number of reasons. In these cases, users are forced to continue running the legacy application on the old browser or lose the ability to use it altogether. Other times users are stuck with an older application because they cannot find an ideal replacement and/or they are reluctant to move all their data to a new application. Moving to a new application is often costly to purchase as well as taking a lot of time to fully accomplish.
What you need to know: Moving off of Internet Explorer will soon not be an option as Microsoft rolls out changes that will remove it from devices to protect users from potential security threats.
There are several phrases that discuss the life cycle of applications and you have probably heard of them. End of support means the application will no longer have developers working on it to release updates or new features. Typically, the publishing company will still release security updates in cases where huge security risks have been found. On the contrary, an application end of life means it is no longer being supported by the software owner, even to address security threats.
End of support and end of life happen because new versions of applications are rolled out and companies can only afford to have developers working on applications that are backward compatible for so long. As users switch to newer versions and less people are using older versions, it becomes a financial burden for a company to continue to have developers work on older, less popular, applications.
What you should do: If you are still using Internet Explorer, start using the Edge browser, or another current browser, as soon as you can. Where possible, import your favorites from your existing browser to a new one. If that is not possible, open the old browser while you still can, and add all desired bookmarks into the new browser. This is best done BEFORE you lose access to Internet Explorer. Lastly, open Settings, Apps & features, and remove the Internet Explorer app.
Security threats will only continue to become more and more sophisticated. This means users need to continue to be vigilant at all times to protect their data. Additionally, data backups are the only true way to be sure you can recover from a catastrophic event like a ransomware infection. Lastly, move away from software that has hit end of life as soon as possible as it presents a security risk.
As always, knowing the ways new threats are being deployed can help protect you when something questionable comes your way!