SpireTech Blog - Tag: Exchange
Ubiquiti, a vendor best known for inexpensive and reliable Wi-Fi gear has been hacked. Rumor is that an employee’s LastPass credentials were stolen, which allowed hackers access to Ubiquiti’s entire infrastructure, including customer data, passwords, and so on. The IT community has been annoyed by the vendor’s evasiveness in its response.
While we use and recommend Ubiquiti Wi-Fi gear, we do not use their cloud-hosted wireless management servers, and do not store information on Ubiquiti servers, so we do not believe our clients are impacted.
For more information on the breach, see https://www.theverge.com/2021/3/31/22360409/ubiquiti-networking-data-breach-response-whistleblower-cybersecurity-incident
Our service desk spent an unusual amount of time last month troubleshooting internet connectivity related issues for clients. Typically, we’re looking at speed or downtime issues at an office that workers are trying to connect to over VPN to work remotely. Oftentimes, we’re spending a lot of time dealing with technical support at the various ISP’s around town – which has led us to have opinions on who is good and who is not in the Portland metro area. It is almost always the ISP’s problem, and certain ones have earned a well-deserved spot on our “bad” list for being time-wasters or just plain unreliable. Talk to us before you order internet, please.
What can we do to mitigate these speed or reliability issues? There are two things:
- If you are keeping your office long term and have a second ISP available in your area, we can look at redundant internet connections, combined with a Bigleaf appliance. Bigleaf is a local company in Beaverton that offers affordable appliances that handle redundancy and speed optimization automatically. This is also useful when you are using a phone system that relies on the internet to function, such as VoIP.
An update that Microsoft released in March caused issues for many users, ranging from printouts and PDF exports containing no text, jumbled text/graphics, applications freezing or giving errors, or even a full system crash (aka “blue screen”) when attempting to print. We quickly blocked it from being installed, but had to roll it back on many systems where it had already been deployed. The “fix” to the patch that was subsequently released also caused further issues. This is unfortunate, because the patch also contains important security fixes.
We believe that the next update that will be released in April will fix the bug but we are proceeding carefully. For further technical information, please see the following article: https://windowsreport.com/kb5000802-kb5000808-bsod/
We aren’t sure why this isn’t “Headline News”, but it should be: Due to a technical glitch or human error, Microsoft recently deleted files from some SharePoint online sites. Across our client base, one customer was affected – to the tune of approximately 300k files missing, scattered randomly about their file structure.
There were grumblings online about this happening to others: https://www.bleepingcomputer.com/news/microsoft/mysterious-bug-is-deleting-microsoft-teams-sharepoint-files/
Microsoft issued some advisories, but wasn’t fessing up to the cause, and technical support was extremely slow to assist or even acknowledge the situation. We believe the issue was related to an Azure AD authentication problem that happened around the same time – also plaguing lots of businesses – around March 15th, where people could not login to any Microsoft or other cloud services that depend on Azure AD for authentication.
So yes, this should underscore the message that you do need to backup your cloud storage using a service or specialized hardware. This would include all cloud vendors – not just Microsoft. As we all know and experience frequently, software bugs or human error can lead to data loss. Read more...
On Tuesday March 2nd, Microsoft announced a new zero-day vulnerability targeting Exchange email servers. M365 Exchange online is not affected. Microsoft quickly released out-of-band patches to address the vulnerability. Our NOC (Network Operations Center) immediately went into action, patching client’s exchange servers late into the evening.
For more information on the breaches, please see the following articles:
- Tech Community / MS Patch Response – Released: March 2021 Exchange Server Security Updates – Microsoft Tech Community
- MS Security Center Response – Multiple Security Updates Released for Exchange Server – Microsoft Security Response Center
Unfortunately, this information comes to light after the exploits have been observed in the wild by security researchers, as is often the case with these vulnerabilities. Our NOC has been examining systems looking for evidence of attack, and we believe that the attack is more widespread than Microsoft initially disclosed. We will be notifying any affected clients directly. Read more...