We wanted to make sure that non-TSI clients receiving today’s newsletter were aware of 2 critical security incidences that we shared with our clients a couple weeks ago. Homeland Security and CISA (Cybersecurity and Infrastructure Security. Agency), released an urgent notification regarding a level 10 CVSS rated vulnerability called CVE-2020-1472, that was proactively addressed by our security team.
Although these issues were addressed before negatively impacting our clients’ environments, there were a number of valuable takeaways from the two incidents that we thought were important enough to include in this month’s newsletter:
- The most important takeaway is to never apply patches unless they are thoroughly reviewed by the TSI managed services team first.
- Microsoft in some cases will automatically download patches that can exacerbate the problem they’re attempting to solve and cause further issues.
If you’re a TSI client, you have a team of dedicated security professionals regularly reviewing patch updates to ensure they adequately address these critical vulnerabilities and do not negatively impact your network environments. If you’re not a TSI client, you should speak with your provider to ensure they’re staying on top of these types of security updates to ensure the ongoing integrity of your systems.
If you- client or not- have any questions, please don’t hesitate to reach out to us at any time. In the meantime, please visit our cybersecurity page for more information as to how we help improve our clients’ security postures and can help yours as well.