Regardless of how you consume media, odds are you’ve heard (or watched or read) a news story about the increasing rate of cyberattacks in various industries or new vulnerabilities announced by technology companies. Indeed, anyone who owns a computer or smartphone is familiar with the regular, sometimes annoying, requirement to install updates and restart their devices. While it’s tempting to continue delaying and/or ignoring these reminders to update, these updates provide some of the best forms of protection against cyberattacks by patching critical vulnerabilities as they are identified. Updates are usually pushed out on a regular schedule (usually monthly or quarterly), however, the most critical vulnerabilities sometimes require more immediate remediation – these are called “out of band” patches since they occur outside the regular schedule, and are generally in response to “zero-day” vulnerabilities or exploits, which is an identified vulnerability with no known patch or fix.
Recently, a new “zero-day” vulnerability known as PrintNightmare was announced that impacted most Windows-based systems. If exploited, it could allow attackers to install malicious programs, and have full access to view, change, or delete data and create new user accounts. Microsoft released a security update to address the vulnerability.Those who have a Windows system should verify that they’ve installed all available updates. More information on updates and the PrintNightmare vulnerability are available here: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527.
When devices get older, patches are no longer created for their operating systems. This means that some older devices are unsupported; they can’t be protected from identified threats and vulnerabilities While it’s not always financially feasible to upgrade devices when they no longer are supported, it’s best only to use supported operating systems whenever possible and to keep unsupported operating systems off your network (home networks included) to every possible extent. For example, Microsoft ended its support of Windows 7 in January of 2020. On its website, Microsoft warns visitors still using Windows 7 of its vulnerability to security risks. Similarly, Apple only patches three operating system versions– macOS 11 (Big Sur), 10.15 (Catalina), and 10.14 (Mojave). Continual updating and rebooting of your device may sometimes seem like a significant inconvenience. Nevertheless, running a supported operating system and installing all patches as soon as they are available is one of the best defenses you have to keep your systems, network, and data secure against the ever-increasing volume of cyber threats.
If you have more questions about cybersecurity or best practices for securing your home networks and devices, please visit https://www.it.northwestern.edu/security/device-tips.html.