Dell’s Preinstalled Support Software has a Serious Vulnerability

A new vulnerability affecting Millions of Dell computers has been found.  This issue effects both home and business computers.  Dell’s built-in support tool of Dell SuppoortAssist (all versions) has a vulnerability that allows for rights escalation.  The issue is, a user who is are not administrators can exploit this vulnerability and gain administrative rights to the computers.  Once administrative rights are granted, the unauthorized user is now free to see everything on the computer and can also install malware on the system to spy on the user.

The reason users should not have administrative rights to their computers is to prevent unauthorized access or malicious software from being installed.  I have presented on this topic many times.  Even home users should not be using an account with administrative right on their computer.  The only time administrative rights are needed and should be used, is to install new software or perform other administrative tasks on that system.  Another benefit of having non-administrative accounts on a computer, even a home computer, is the ability quickly recover a computer should a user profile become infected or corrupt.

Dell licenses their desktop support tool from PC-Doctor.  SafeBreach Labs identified the vulnerability.  Dell was notified of the issue on April 29, 2019 and PC-Doctor provided an update on May 28th.  Dell is encouraging all their users to update to the new version of Dell SuppoortAssist.   For more on performing the update, go to Dells’ support site and look up   DSA-2019-084.  This has been given CVE Identifier: CVE-2019-12280.

If you would like more information, contact us here or call 937.885.7272.

Follow us on FacebookTwitter and LinkedIn and stay up to date on by subscribing to our email list.

Posted by Jack Gerbs in Cybersecurity, Information Security, Small Business

Completed CompTIA Security Trustmark+

I am very happy to announce that, we successfully completed our annual review for the CompTIA Security+ Trustmark. We view this as a big differentiator between us and our competitors. While many organizations claim that they have good security practices in place, it is impossible for them to prove it. We submit Quanexus to an annual review of our security practices, where a third party, independent auditor reviews our polices, controls and practices. Our practices are based on the CompTIA Security+ Trustmark, which is based on NIST’s (National Institute of Science and Technology) Cybersecurity Framework.

This is important for several reasons. The first is, some of our clients operate in regulated industries, such as finance and medical. These organizations that operate in regulated industries are required to perform vendor due diligence; they need to prove that they are working with “trustworthy” vendors. By having a third party, independent auditor review our controls, it makes it easier for our clients to work with us.

The second reason we do this is, if we are going to consult and perform services in these industries, we have to understand and meet the same or very similar requirements that our clients have to meet. This provides us a much deeper understanding of the process and controls needed to operate.

Thirdly and most importantly, we take security very seriously! We need to be continually learning and adopting to the changes in the world that affect us. The CompTIA Security Trustmark+ helps us keep a keen focus on the evolving security landscape and helps us continually improve.

If you would like more information, contact us here or call 937.885.7272.

Follow us on FacebookTwitter and LinkedIn and stay up to date on by subscribing to our email list.

Posted by Jack Gerbs in Recent Posts

How to better plan for 2019 in two hours

How can you better plan for 2019 in just two hours?

The end of the year is quickly approaching. Have you started planning for 2019? Every business owner knows that planning for a yearly budget is much easier when you know what IT projects are upcoming, or what equipment needs to be replaced. A good place to start is with a free network assessment.

Utilizing this complimentary service can give you a look into where vulnerabilities and problems may exist on your network and its equipment. Regularly reviewing your network is vital in ensuring it is running at peak performance and is protected from data loss, downtime, viruses and breaches.

If your system is not regularly monitored, assessing your infrastructure is critical. Businesses often fall behind in upgrades and compliance simply because they are busy running their business. Having a third party evaluate your network can give you a peace of mind and can catch issues you may not know exist.

The process is conducted on site at your office and generally takes anywhere from one to two hours to complete. Based on our findings we will compile a list of suggestions and concerns and present them to you at a later date. There is absolutely no obligation to move forward with our recommendations, or to purchase any services or equipment from us.

The benefits of a network assessment can give you an excellent snapshot of where your business is technologically and can help you to develop an action plan to keep your systems up to date and running optimally.

Request your free network assessment today. There is no hassle, or obligation.

If you would like more information, contact us here or call 937.885.7272.

Follow us on FacebookTwitter and LinkedIn and stay up to date on by subscribing to our email list.

Posted by Jack Gerbs in Recent Posts

The Benefits of Migrating to Office 365

Prior to Microsoft launching Office 365, updating to the newest version of a program was often costly and time consuming; Office 365 has vastly improved the process by offering a variety of benefits.

If you are thinking about migrating to Office 365 we have put together a short list of some of the major benefits of switching.

  1. Work anytime, anywhere. Office 365 provides web-enabled access to email, documents, and calendars and more on almost any device. Have the flexibility to work where and when you need to.
  2. Predictable monthly costs. Rather than spending a hefty, up-front amount for the latest version of a program, Office 365 utilizes a monthly fee structure that keeps you working on the most up-to-date programs at an affordable monthly fee.
  3. Built in security and compliance. For small businesses, staying secure and in compliance can take a large chunk of their resources, Office 365 has built-in features that can take care of this for you. All of your data can be stored securely on the cloud and available for you wherever you need it.
  4. Stay organized. Everything synchronizes for you; if you update a contact on your phone, or save a document on a PC, it will automatically update across all of your devices, including Macs, iPhones and Android devices.
  5. Licensing simplified. Rather than keeping track of who is using what version of a program with which license, you will now have the ease of having all users accessing the same version of each program and receiving updates at the same time.

Office 365 has plenty of bells and whistles but determining the right plan for your organization can take time. We have taken each of the options and broken them down into as easy to understand chart which we would be happy to go over with you.

Related: Office 365: Too Many Options

When deciding to migrate many companies consider working with a Managed Services Provider (MSP) to ensure that the transition goes smoothly and is as cost effective as possible.

There are many different options to consider and questions to answer if you are considering moving to Microsoft Office 365, we have several, experienced technicians on hand who can assist you.

Related: Managed IT Services in Dayton

Are you thinking about migrating? Would you like more information on how to get started? Contact us here or call 937.885.7272.

Follow us on FacebookTwitter and LinkedIn and stay up to date on by subscribing to our email list.

Posted by Jack Gerbs in Recent Posts