Category: News Blog

Windows Server Vulnerability

Sep 28, 2020 by mcsltd

The information security firm Secura recently released a writeup of a very serious flaw in Windows Server and Active Directory which allows attackers to completely take over a domain controller if they have access to any workstation in the domain. The vulnerability was patched in the August update from Microsoft, but the details have only recently been released.

The English version is the existence of a flaw in Windows Server software on a Domain Controller Server giving a 1 in 256 chance that allows an attacker to bypass authentication. This attack is very quick and can take less than 3 seconds to change the password for a Domain Controller computer and completely take over control of a domain.

The more technically minded can read more at https://www.secura.com/pathtoimg.php?id=2055 The vulnerability is being addressed by Microsoft in two parts, firstly via their regular updates mid-August with a further update due in the first quarter of 2021 (due 9th Feb).

For anyone with a domain controller in their network, or if you are not sure what functions your server actually performs, these patches could be vital. Contact our Helpdesk for advice if you are in doubt.

Travel Agents Assistance Package Announced

Sep 9, 2020 by mcsltd

Travel agents will get financial help from the Government to fund their otherwise extremely quiet operations as they seek to assist kiwis seeking refunds for an estimated $690m worth of cancelled travel plans.

Consumer Affairs Minister Kris Faafoi announced yesterday (8 Aug) a consumer travel reimbursement scheme of up to $47.6 million to ensure travel agents can process refunds or credits for customers caught out by the COVID-19 pandemic.

“We know the travel sector and their customers have taken a massive hit due to the disruption caused by COVID-19. The Government’s been working with the sector to find a way to help agents assist their customers to get back money that they are owed by travel suppliers,” Faafoi said.

Travel agencies will be paid 7.5 per cent of the value of cash refunds, and 5 per cent of the value of credits secured for consumers. This will mean, for example, that if an agent recoups $10,000 in a cash refund on cancelled travel, the customer gets that money back and the agent will receive $750, if it’s a credit for the $10,000 cancelled travel, the customer gets the credit and the agent receives $500.

Faafoi added “I know that travel agents and wholesalers have been working hard to recover refunds and credits owed to New Zealand consumers, but are under severe financial pressure, with many facing the prospect of insolvency. It will also give greater confidence to the travel industry by limiting further insolvencies”.

DDoS – NZ’S GCSB WARNING

Sep 1, 2020 by mcsltd

The GCSB has issued a “be prepared” advisory for all Kiwi businesses on the heels of NZ seeing DDoS (distributed denial of service) cyber attacks. The GCSB’s National Cyber Security Centre (NCSC) strongly encourages all organisations to consider the risk to their organisation of DoS and ensure appropriate mitigations are in place. So far the attacks are being reported by major businesses however anyone can be a target.

The NCSC and Cert NZ recommend…

  • educate staff to be suspicious of email attachments they are not aware of
  • a cold backup (to a disk drive taken offsite) should be done as a complement to cloud backups
  • discuss with your service providers the details of their denial-of-service attack prevention and mitigation strategies
  • use cloud-based hosting from a major cloud service provider.

Millennium Computer Services are an established Microsoft Cloud Provider and Hosted Services Provider with over 20 years experience in hosting customer systems. To mitigate the risks presented in this advisory we utilise geographically separated data centres with multiple high speed fibre connections through different internet providers.

If your systems are hosted onsite, or through a service provider that does not include these fail-safes, please contact us for advice and options to ensure the continuity of your business systems.

Call our Helpdesk on 0800 627 583 / 04 471 1521 or Admin on 04 473 5822