Microsoft 365 Suggests Rollback After Issues From Update

Does your company use Microsoft 365?  If so, and you’ve noticed that your Office apps have begun to crash mysteriously and inexplicably, be aware that the latest update (build 15330.20298) is the culprit.

Unfortunately, the bug was introduced in the Enterprise channel during the company’s regularly scheduled “Patch Tuesday.”

The error manifests itself when users try to open a contact card or hover over a contact’s name or picture in shared documents, emails, or comments.

For their part, the company has moved quickly. Although they have not identified the root cause of the issue yet, in the meantime, they went back to the last version confirmed to not contain the bug.

Microsoft is advising any users who have installed version 2206 to roll back to version 2205 to get around the issue. For Admins, the company drafted specific rollback instructions and posted them on their website.

For some time last year, Microsoft’s updates were plagued with issues and several annoying bugs crept into the mix in just about every update the company made.

They re-doubled their efforts and tightened up their processes, and the number of faulty updates declined markedly.  This latest update breaks the trend.  With any luck, this will prove to be a one-time mistake with their next update, and the updates that follow will be smooth sailing.  Given the trouble in the recent past, it’s something that bears paying close attention to in the weeks ahead.

Kudos to Microsoft’s engineers for their fast action here, and we hope that the issue will be resolved before much longer.  It’s unfortunate any time a new bug is introduced, especially to a system as complex as Microsoft 365. Overall, the company has done a good job of addressing issues as they arise, and we expect that to be the case in this instance.

IoT Security With Microsoft Defender

The Internet of Things (IoT) has seen explosive growth in recent years.

If you like, you can now build your own smart home with intelligent toasters, washing machines, dishwashers, and refrigerators. They are all connected to your home network, and they all make vast amounts of data available to you at your fingertips.

Unfortunately, security is slim to non-existent on most of these “smart” devices.  We’ve seen botnets enslave those smart devices and put them to use in a wide range of malicious ways. Although many industry experts have been sounding the alarm, few of the smart device manufacturers have taken much of an interest in bolstering security on the products they sell.

The good news is that Microsoft may have an answer.  The Redmond giant recently released Microsoft Defender for IoT in a bid to secure smart TVs, printers, washing machines, and any other “smart” device you may have connected to your network.

The company previewed Defender for IoT in the waning days of 2021.  Back then it was called Azure Defender for IoT and before that it was Azure Security Center.  By any of those names however, it’s the same code and it’s clear that plugging this gigantic gap in device security has been on Microsoft’s radar for quite some time.

Now at last, the product is ready for a proper unveiling and it’s a solid solution. That is especially given the fact that it integrates seamlessly with Microsoft 365 Defender, which millions of users the world over already rely on.

Michal Braverman-Blumenstyk is Microsoft’s Corporate VP and Chief Technology Officer of Cloud and AI Security.

Michal had this to say about the new product:

“…Defender for IoT now delivers comprehensive security for all endpoint types, applications, identities, and operating systems.

The new capabilities allow organizations to get the visibility and insights they need to address complex multi-stage attacks that specifically take advantage of IoT and OT devices to achieve their goals.

Customers will now be able to get the same types of vulnerability management, threat detection, response, and other capabilities for enterprise IoT devices that were previously only available for managed endpoints and OT devices.”

If you have one or more smart devices connected to your network (and you probably do), you need Defender for IoT.  Kudos to Microsoft.

Raspberry Robin Worm In Hundreds Of Windows Networks

Analysts at Red Canary Intelligence have recently spotted a Windows worm on hundreds of networks belonging to a wide range of organizations around the world.

Dubbed “Raspberry Robin” by the research team that discovered it, this worm spreads via infected USB devices and was initially spotted in September of last year (2021).  Another firm, Sekoia, observed the worm even earlier, citing appearances of similar code strains on QNAP NAS devices as early as November of 2019.

So far, nothing is known about the threat group that created the worm.  There’s nothing in the code that ties it definitively to any of the large, organized, active groups of hackers around the world. Although a code analysis reveals that it is quite advanced.

Although it has spread far and wide, and it is clearly capable of unleashing untold amounts of harm, the threat actors behind the worm have simply opted not to. At least not yet.

It is not known whether it’s because they wish to give the worm more time to spread before inflicting harm to maximize the impact of that harm, or because the group is still in early stages and is essentially testing its capabilities to see how far and how easily it will spread.

Given how little is known about the particulars and the theoretical capabilities of the worm, Microsoft tagged this as a high-risk threat. They stress that although the hackers have, not opted to use it to deploy additional malicious payloads so far, that could change at literally any time.

This is one to be on the lookout for.  Make sure your IT staff are aware of it and on high alert.  As additional details emerge about the worm and who might be behind it emerges, we’ll almost certainly have more to say about this latest threat.

Prepare For Windows Server 2012 End Of Support

Another week, another Microsoft “End of Life” reminder to write about.

This time, it’s Windows Server 2012 R2.  If you’re a user, then you’re probably already aware of the looming deadline. If you’ve blocked it out of your mind, or if you’ve missed the notifications that Microsoft has been sending out, here’s what you need to know.

The End-of-Life deadline for Windows Server 2012 R2 is October 10, 2023.  If you have not begun making transition plans, now is the time to do so.  Beyond that date, you’ll no longer receive regular patches or security updates which will put your company at risk.

To minimize that risk, Microsoft recommends updating to Windows Server 2019 at your earliest convenience.

It’s also worth mentioning that Server 2012 R2 will follow Microsoft’s “Fixed Lifecycle Policy,” which means it has 5 years of mainstream support plus an additional five years of extended support.

During the mainstream support period, the product receives all updates and support.  During the extended support period, users stop getting non-security-related updates.  Once the extended support period ends, all updates cease. Thus, End of Support.

If you’re evaluating the October 10th 2023 deadline with a pit in your stomach, it’s worth mentioning that customers who need more time can opt-in for a paid plan called “Extended Security Update” that gives you another three years, but that’s a hard deadline.  After that, there is no more support no matter how much you offer to pay.

The cost of the “Extended Security Update” gets more expensive in each of the three years it’s offered. It amounts to 75 percent of License Cost for year one, 100 percent for year 2, and 125 percent for year three. If you need the extra time to transition away from Server 2012 R2, you may consider that to be money well spent.

In any case, the time to start making plans is now.

Microsoft Is Phasing Out Windows 8.1

If you are still using Windows 8.1 and if you’ve somehow managed to avoid seeing the parade of notices Microsoft has been sending out, you should know that the end is nigh.

Support for the aging OS will end on January 10, 2023.  If you have not already done so, you should begin making plans now to migrate away from that OS, and to something more modern.

This is a similar track the company adopted where the end of Windows 7 support was concerned, and the current deadline should not be a surprise to anyone.

After all, Windows 8 itself reached the end of support back in 2016. Although users of version 8.1 got a considerable extension from that point.

It’s worth mentioning that Microsoft has decided not to offer an Extended Security Update (ESU) program for Windows 8.1, so when the date arrives, that’s it.  No matter how much you may want one, you won’t be able to pay for an extension. That means you’ll lose the benefit of ongoing security patches from that point forward.

Although Windows 10 gets the lion’s share of the press for being the most widely used version of the OS of all time, Windows 8.1 was significant for the Redmond Giant.

Windows 8’s initial release was not well received, and the company worked hard to address the (often legitimate) concerns that the OS’s massive user base had.  Windows 8.1 was the culmination of those efforts and the Windows 8.1 era of the company’s history saw steady improvements in both aesthetics and functionality.

In fact, it’s fair to say that without the gains made during the Windows 8.1 era, the current OS would still look dated and many of the components that are integral to all of Microsoft’s operating systems might not have yet been overhauled.

In any case, the sun is indeed setting on Windows 8.1.  Be sure you’re ready when it goes full dark.