Back to Top

Tech, Web, Cloud & Cabling Services

Tag Archives: Windows

Windows tag

Microsoft Windows 7 Service Pack 1 released

Takeaway: On February 22, 2011, Microsoft released Service Pack 1 for Windows 7 to the general public. Should you download and install it?

As of February 22, 2011, Service Pack 1 for Windows 7 is available to the general public from the Microsoft Service Pack Center. Windows 7 SP1 includes previously released security, performance, and stability updates, plus some improvements to features and services.

Microsoft suggests that individuals just let the normal Windows update system handle installation of the service pack. However, if you’d like to accelerate the process you can download the file and install it manually. The install will take around 30 minutes and you will have to reboot the PC during the process.

Depending on what method is used to install the service pack, you will need anywhere from 750MB to 7400MB of available disk space storage to complete the installation procedure, so plan accordingly. If you have a pre-release version of SP1 installed, you will have to uninstall it before you install the latest version.

Also note that some antivirus software will prevent SP1 from being installed properly, so you may want to temporarily turn off your antivirus while the installation takes place

To view the original article in it’s entirety Click Here

Is Your Organization Using SHA-1 SSL Certificates? If so here’s what you need to know and do:

ssl

 

Following a recommendation by the National Institute of Standards and Technology (NIST), Microsoft will block Windows from accepting SSL certificates encrypted with the Secure Hash Algorithm-1 (SHA-1) algorithm after 2016. Given the number of mission-critical SSL certificates that are allowed to expire from inattention, administrators have their work cut out for them. By knowing what will happen, why it’s happening, and what you need to do, you won’t be surprised by these important policy changes.

What’s Happening?

On November 12, 2013, Microsoft announced that it’s deprecating the use of the SHA-1 algorithm in SSL and code signing certificates. The Windows PKI blog post “SHA1 Deprecation Policy” states that Windows will stop accepting SHA-1 end-entity certificates by January 1, 2017, and will stop accepting SHA-1 code signing certificates without timestamps after January 1, 2016. This policy officially applies to Windows Vista and later, and Windows Server 2008 and later, but it will also affect Windows XP and Windows Server 2003.

SHA-1 is currently the most widely used digest algorithm. In total, more than 98 percent of all SSL certificates in use on the Web are still using the SHA-1 algorithm and more than 92 percent of the certificates issued in the past year were issued using SHA-1.

Website operators should be aware that Google Chrome has started warning end users when they connect to a secure website using SSL certificates encrypted with the SHA-1 algorithm. Beginning in November 2014 with Chrome 39, end users will see visual indicators in the HTTP Secure (HTTPS) address bar when the site to which they’re connecting doesn’t meet the SHA-2 requirement. Figure 1 shows those indicators.

 

Figure 1: Visual Indicators in the HTTPS Address Bar

 

Google is doing this to raise end users’ awareness and to help guide other members of the Internet community to replace their SHA-1 certificates with SHA-2 certificates.

Why Is Microsoft Deprecating SHA-1?

SHA-1 has been in use among Certificate Authorities (CAs) since the U.S. National Security Agency (NSA) and NIST first published the specification in 1995. In January 2011, NIST released Special Publication 800-131A, “Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths.” This publication noted that SHA-1 shouldn’t be trusted past January 2016 because of the increasing practicality that a well-funded attacker or government could find a SHA-1 hash collision, allowing them to impersonate any SSL website.

Realizing that it’s highly unlikely that CAs and the industry at large will adopt more powerful encryption algorithms on their own, Microsoft is leading the charge by making Windows reject certificates using SHA-1 after January 1, 2017. Doing this will lead website operators to upgrade to stronger SHA-2 certificates for the betterment of all Windows users and the broader public key infrastructure (PKI) community. The Windows PKI blog post “SHA1 Deprecation Policy” noted that, “The quicker we can make such a transition, the fewer SHA-1 certificates there will be when collisions attacks occur and the sooner we can disable SHA1 certificates.”

In the end, the issue isn’t if SHA-1 encryption will be cracked but rather when it will be cracked.

What Do I Need to Do?

January 1, 2017, might seem like a long way away, but now is the time to understand the problem and how to mitigate it.

As per Microsoft’s SHA-1 deprecation policy, Windows users don’t need to do anything in response to this new technical requirement. XP Service Pack 3 (SP3) and later versions support SHA-2 SSL certificates. Server 2003 SP2 and later versions add SHA-2 functionality to SSL certificates by applying hotfixes (KB968730 and KB938397).

Web administrators must request new certificates to replace SHA-1 SSL and code-signing certificates that expire after January 1, 2017. As of this writing, that would probably affect only public SHA-1 certificates that were purchased with a long expiration date (three years or more) or long-duration certificates issued by internal SHA-1 CAs. Most third-party CAs will rekey their certificates for free, so you simply need to contact the CA to request a rekeyed certificate that uses the SHA-2 algorithm.

When ordering new SSL certificates, you should confirm with the CA that they’re being issued with the SHA-2 algorithm. New certificates with expiration dates after January 1, 2017, can only use SHA-2. Code-signing certificates with expiration dates after December 31, 2015, must also use SHA-2.

Note that the algorithm used in SHA-2 certificates is actually encoded to use SHA-256, SHA-384, or SHA-512. All of these are SHA-2 algorithms; the SHA number (e.g., 256) specifies the number of bits in the hash. The larger the hash, the more secure the certificate but possibly with less compatibility.

It’s important that the certificate chain be encrypted with SHA-2 certificates. (A certificate chain consists of all the certificates needed to certify the end certificate.) This means that any intermediate certificates must also use SHA-2 after January 1, 2017. Typically, your CA will provide the intermediate and root CA certificates when they provide the SHA-2 certificate. Sometimes they provide a link for you to download the certificate chain. It’s important that you update this chain with SHA-2 certificates. Otherwise, Windows might not trust your new SHA-2 certificate.

Root certificates are a different story. These can actually be SHA-1 certificates because Windows implicitly trusts these certificates since the OS trusts the root certificate public key directly. A root certificate is self-signed and isn’t signed by another entity that has been given authority.

For the same reason, any self-signed certificate can use the SHA-1 algorithm. For example, Microsoft Exchange Server generates self-signed SHA-1 certificates during installation. These certificates are exempt from the new SHA-2 policy since they aren’t chained to a CA. I expect, however, that future releases of Exchange will use SHA-2 in self-signed certificates.

What About My Enterprise CAs?

If your organization has its own internal CA PKI, you’ll want to ensure that it’s generating SHA-2 certificates. How this is done depends on whether the CA is running Windows Server 2008 R2 or later and if your CA has subordinate CAs.

If you have a Server 2008 R2 or later single-root CA without subordinates, you should update the CA to use SHA-2. Doing so will ensure that subsequent certificates generated will use the SHA-2 algorithm. To check which hash algorithm is being used, you can right-click the CA and go to the General tab. If SHA-1 is listed, you can run the following certutil command to configure the CA to use the SHA-256 algorithm:

certutil -setreg ca\csp\CNGHashAlgorithm SHA256

You must restart the CertSvc service to apply the change. Now when you view the CA properties, you’ll see that the hash algorithm is SHA-256. All future certificates issued by this CA will use SHA-256, but keep in mind that existing certificates will still be using SHA-1. You need to renew any SHA-1 certificates issued by this CA to upgrade them to SHA-2 certificates.

If your CA is older than Server 2008 R2, you can’t upgrade the CA to use SHA-2. You’ll need to rebuild it with a newer version.

If your organization’s internal CA is multi-tiered with one or more subordinate CAs, you’ll need to reconfigure them to use SHA-2. This is done using the same certutil command just given on each subordinate or issuing CA. Keep in mind that if you use subordinate CAs, you’re not required to update the root CA to SHA-2 since that certificate is at the top of the certificate chain, but it won’t cause any problems if you do. You still need to renew any SHA-1 certificates issued by the subordinate CAs to upgrade them to SHA-2 certificates.

Take Action Now

Administrators and website operators should identify all the SSL certificates used in their organizations and take action, as follows:

  • SHA-1 SSL certificates expiring before January 1, 2017, will need to be replaced with a SHA-2 equivalent certificate.
  • SHA-1 SSL certificates expiring after January 1, 2017, should be replaced with a SHA-2 certificate at the earliest convenience.
  • Any SHA-2 certificate chained to an SHA-1 intermediate certificate should be replaced with another one chained to an SHA-2 intermediate certificate.

The following tools and websites are useful for testing and for further information about SHA-1 remediation:

  • Microsoft Security Advisory 2880823. This website discusses the deprecation policy for the SHA-1 hashing algorithm for the Microsoft Root Certificate Program.
  • Migrating a Certification Authority Key from a Cryptographic Service Provider (CSP) to a Key Storage Provider (KSP). The section “How to migrate a CA from a CSP to a KSP and optionally, from SHA-1 to SHA-2” in this TechNet web page provides detailed instructions for upgrading a CA to use SHA-2.
  • Gradually sunsetting SHA-1.” This Google Online Security Blog post explains how the transition to SHA-2 affects Chrome and details Google’s rollout schedule.
  • SHA-256 Compatibility. This GlobalSign web page lists OS, browser, server, and signing support for SHA-256 certificates.
  • DigiCert SHA-1 Sunset Tool. This free web application tests public websites for SHA-1 certificates that expire after January 1, 2016.
  • DigiCert Certificate Inspector. This tool discovers and analyzes all certificates in an enterprise. It’s free, even if you don’t have a DigiCert account.
  • Qualys SSL Labs’ SSL Server Test. This free online service analyzes the configuration of any SSL web server on the public Internet.

CCleaner – Free System Optimization Download!

CCleaner
Optimization and Cleaning

Features
CCleaner is a free SJT recommended system optimization, privacy and cleaning tool. It removes unused files from your system – allowing Windows to run faster and freeing up valuable hard disk space. It also cleans traces of your online activities such as your Internet history. Additionally it contains a fully featured registry cleaner. But the best part is that it’s fast (normally taking less than a second to run) and contains NO Spyware or Adware!

Cleans the following:

Internet Explorer
Temporary files, history, cookies, Autocomplete form history, index.dat.

Firefox
Temporary files, history, cookies, download history, form history.

Google Chrome
Temporary files, history, cookies, download history, form history.

Opera
Temporary files, history, cookies.

Safari
Temporary files, history, cookies, form history.

Windows
Recycle Bin, Recent Documents, Temporary files and Log files.

Registry Cleaner
Advanced features to remove unused and old entries, including File Extensions, ActiveX Controls, ClassIDs, ProgIDs, Uninstallers, Shared DLLs, Fonts, Help Files, Application Paths, Icons, Invalid Shortcuts and more… also comes with a comprehensive backup feature.

Third-party applications
Removes temp files and recent file lists (MRUs) from many apps including Media Player, eMule, Google Toolbar, Netscape, Microsoft Office, Nero, Adobe Acrobat, WinRAR, WinAce, WinZip and many more…

100% Spyware FREE
This software does NOT contain any Spyware, Adware or Viruses.

To download your free copy of this software Click Here

Microsoft CEO Ballmer: Devices, Devices!

Summary: In case you didn’t get the memo — or CEO Steve Ballmer’s latest shareholder letter — Microsoft officially is a devices and services company now.

Microsoft really wants to make sure its shareholders, customers, partners and competitors realize it’s not just a big software company any more.

In an October 9 letter to shareholders, part of Microsoft’s just-released fiscal 2012 annual report, CEO Steve Ballmer repeated his new “devices and services company” mantra to drive it home.

Ballmer hasn’t (yet) chanted “devices, devices, devices” in front of any public or private audiences (that we know of, at least) in the way he once infamously chanted “developers, developers, developers.”

But Ballmer told The Seattle Times a few weeks back that Microsoft can and should be considered a devices and services company. The latest Ballmer shareholder letter re-emphasizes that message.

From the letter:

“Last year in this letter I said that over time, the full value of our software will be seen and felt in how people use devices and services at work and in their personal lives. This is a significant shift, both in what we do and how we see ourselves — as a devices and services company. It impacts how we run the company, how we develop new experiences, and how we take products to market for both consumers and businesses. The work we have accomplished in the past year and the roadmap in front of us brings this to life.”

The Ballmer shareholder letter also claimed again that Microsoft is still counting on its partners to produce business and consumer devices and hardware that customers want. But it’s clear Microsoft isn’t getting into the hardware game on a lark or just to incent its OEMs to make more well-designed products, as some company watchers and partners have said.

Ballmer noted that, going forward, Microsoft plans to continue to focus on the development of “new form factors that have increasingly natural ways to use them including touch, gestures and speech.”

Along with the Xbox, the Microsoft Surface — which Microsoft described as “a series of Microsoft-designed and manufactured hardware devices” in its latest proxy statement (also released today) — are here to stay and seemingly will include more products as part of the family.

Windows XP End of Life

Takeaway:  Many companies are not planning to upgrade when Microsoft ends support for Windows XP.

SCALE2Many users are finding it difficult to adapt to the innovative Windows 8.  The update “Windows Blue” expected to be released before December 2013, has a possibility of restoring the Start button and initially boot to the traditional desktop.

Windows 7 is the most convincing route for upgrading from Windows XP.  Many features are similar to XP including the traditional boot-to-desktop and Start button.  For Windows 7 buyers, extended support until 2020 is offered.

Microsoft officially announced on April 10, 2012 that they will end extended support as of April 8, 2014 for Windows XP and Office 2003.  Although, the risk of vulnerabilities and the cost to limit exposure, XP is still hanging on.  

To protect and upgrade your home or business

 please contact us 856-745-9990 or click here.

 

‘Zero-Day’ for Microsoft XP Users

194212

On April 10, 2012, Microsoft officially announced that as of April 8, 2014 they will end extended support for Windows XP and Office 2003, after which no new updates, hotfixes, patches or support will be issued.  “Since a security update will never become available for Windows XP to address these vulnerabilities, Windows XP will essentially have a “zero day” vulnerability forever” said Tim Rains from Microsoft.  Zero-day attacks are when attackers exploit a vulnerability before the developer is aware or can fix the problem.

Windows XP already has a notably higher infection rate than its successors Windows 7 and Windows 8.  Those preparing to continue using XP after the cut-off date, are going to be in a unpleasant situation trying to protect their intellectual property.   With Microsoft ending their support, the vendors for applications running on it will most likely end support.

Attackers will have the upper hand once Microsoft cuts off XP support and presumably will have more information than the defenders about system and application vulnerabilities.  Also, attackers will have the possibility of compromising the system and applications if they exploit the zero-day vulnerabilities.

For more information regarding Windows XP End of Life, click here.

According to NetMarketShare.com, Windows XP still has about 37 percent desktop operating system share as of June 2013.   Although it is the second most used operating system, Microsoft said that they will not be extending support for XP after April 8, 2014.

xp

To protect and upgrade your home or business

 please contact us 856-745-9990 or click here.

 

XP will be Non-Compliant

logo_footer_hipaa

Windows XP was released on October 25, 2001 and has become one of the most popular versions of Windows for home and business environments.

The HIPAA Security Rule requires all systems to be updated regularly, as of April 8, 2014 Microsoft will end support for Windows XP, after which no new updates, hotfixes, patches or support will be issued.

This is a major problem within the healthcare industry since many computers are still running XP.  Migrating to a new operating system can be a challenging task because some XP machines have proprietary software that are not compatible with Windows 7+.  

Evaluate the technical infrastructure including servers, workstations and network equipment to create a migration plan.  Communicating with product vendors will help create the migration plan.  Vendors can provide support for updating and upgrading the software/hardware.  Implementing Virtualization within your network is a centralized option to replacing your current setup.  A virtual desktop infrastructure is having 50+ desktops reside on one physical server and sharing the resources, such as CPU, storage and memory.

During the migration, providing an efficient setup for the clinical staff may also include upgrading the manageability of the network and designing a much more scalable and secure IT infrastructure.

To protect and upgrade your home or business

 please contact us 856-745-9990 or click here.

 

CALL US NOW!