Skip to main content

Tag: Helpful Information

Microsoft Reports Vulnerabilities Impacting Windows and Office Products

Microsoft Vulnerabilities

Published on

July 14, 2023

Bryan Siemon

Bryan Siemon

Microsoft Reports Vulnerabilities Impacting Windows and Office Products

Microsoft is investigating reports of a series of remote code execution vulnerabilities impacting Windows and Office products.

Microsoft reads, “An attacker could create a specially crafted Microsoft Office document that enables them to perform remote code execution in the context of the victim. However, an attacker would have to convince the victim to open the malicious file.

Microsoft has confirmed no less than 132 security vulnerabilities across product lines, including six that fall into the “zero-day” category.

Microsoft suggested these applications would be impacted and is aware of targeted attacks that attempt to exploit these vulnerabilities by using specially crafted Microsoft Office documents.

Office Products include:

– Excel – Publisher – PowerPoint – Word – WordPad – Access – Graph – Visio

An attacker could create a specially crafted Microsoft Office document that enables them to perform remote code execution in the context of the victim. However, an attacker would have to convince the victim to open the malicious file.

SoHo Network Solutions has always encouraged its customers not to open email attachments they do not recognize or expect. Free antivirus solutions are better than nothing, however, they lack centralized management and advanced features that we can provide. Hackers have become more advanced, so more advanced solutions are needed. The good news is that paid professional-grade antivirus software has become more affordable than ever. For $4 a month per computer, you can get the protection needed to help combat these vulnerabilities.

The Technical Details:

The vulnerability is a remote code execution (RCE) vulnerability affecting Windows and Office product, CVE-2023-36884, with a CVSS score of 8.3. The targeted attacks exploit these vulnerabilities using specially crafted Microsoft Office documents.” CVE-2023-36884 is as yet unpatched.

If you have any questions or concerns about this, please don’t hesitate to call Soho Network Solutions at 717.831.8128. It is recommended you ensure you have all Windows and Office updates and a strong antivirus program.

About SoHo’s Antivirus Solution:

To purchase Professional-Grade Antivirus Software give us a call- 717.831.8128. SOHO Network Solutions offers the Malwarebytes EDR Cloud Managed solution for $4/workstation/month or $48/year.

How does EDR work?

Endpoint detection and response are broadly defined by three types of behavior.

Endpoint management

This refers to EDR’s ability to be deployed on an endpoint, record endpoint data, then store that data in a separate location for analysis now or in the future. EDR can be deployed as a standalone program or included as part of a comprehensive endpoint security solution. The latter has the added benefit of combining multiple capabilities into a single endpoint agent and offering a single pane of glass through which admins can manage the endpoint.

Data analysis

EDR technology can interpret raw telemetry from endpoints and produce endpoint metadata (or cyber threat intelligence) human users can use to determine how a previous attack went down, how future attacks might go down, and actions that can be taken to prevent those attacks.

Threat hunting

EDR scans for programs, processes, and files matching known parameters for malware. Threat hunting also includes the ability to search all open network connections for potential unauthorized access.

Incident response

Incident response refers to EDR’s ability to capture images of an endpoint at various times and re-image or rollback to a previous good state in the event of an attack. EDR also gives administrators the option to isolate endpoints and prevent further spread across the network. Remediation and rollback can be automated, manual, or a combination of the two.

Think of EDR as a flight data recorder for your endpoints. During a flight, the so-called “black box” records dozens of data points; e.g., altitude, air speed, and fuel consumption. In the aftermath of a plane crash, investigators use the data from the black box to determine what factors may have contributed to the plane crash … Likewise, endpoint telemetry taken during and after a cyberattack (e.g. processes running, programs installed, and network connections) can be used to prevent similar attacks.

More Articles


We Are A Full Service IT Company

We can help setup MFA in your organization. Contact us today to learn more or help getting started.

Continue reading

The One Thing Your Website Absolutely Needs

SSL Certificate

Published on

Bryan Siemon

Bryan Siemon

The One Thing Your Website Absolutely Needs

In today’s digital world, having a website has become an essential part of any business or individual’s online presence. However, it is not just enough to have a website – you need to ensure that it is secure for your visitors, even if you think your website is small or basic. The one thing every website should have is an SSL certificate. And do not panic, SSL certificates have a significant impact for a nominal price. In this article, we will explore why your website should have an SSL certificate

To start, we need to understand what an SSL certificate is. SSL stands for Secure Sockets Layer, and it is a security protocol that encrypts data between the server and the browser. This link ensures that all data transferred between the two is secure and private. SSL certificates are issued by a trusted third-party organization, known as a Certificate Authority (CA). When a website has an SSL certificate, the browser displays a padlock icon in the address bar, this provides a visual cue to visitors that the website is secure.

Now let’s explore the reasons why your website should have an SSL Certificate

1. Security – Protection of Sensitive Information

Hackers- Nobody likes them, but they are out there, and they target websites of all sizes. One of the primary reasons to have an SSL certificate on your website is improved security. Without an SSL certificate, any data sent between a user’s browser and your web server is vulnerable to interception and hacking. With an SSL certificate, this data is encrypted, making it much more difficult for hackers to intercept and steal. An SSL certificate is not just very important if your website collects sensitive information, such as personal or financial information, it is a must have.

2. SEO – Boosts Website Rankings

While my reasons for getting an SSL on your website are not in any particular order, I should have considered putting this as number one. Most people ask about how to get better rankings on Google before they ask if their website is secure. When you get an SSL Certificate for your website, your address goes from http://yourwebsite.com to https://yourwebsite.com, the focus is on the “S” at the end of the HTTP. This “S” indicates the site is secure.

In 2014, Google announced that HTTPS (HyperText Transfer Protocol Secure) would be a ranking signal in its search algorithm. This means that websites with an SSL certificate rank higher than those without one. This is because Google wants to provide its users the best possible user experience, and having a secure website is one way to achieve that.

This means that having an SSL certificate can help improve your website’s visibility and ranking on search engines, leading to more traffic and potential customers.

3. Trust – Builds Trust with Visitors

When visiting a website, one thing is certain, I will not use a website that doesn’t have an SSL certificate. You want visitors to use your website, after all, you took the time to create and build it. Trust is important in any relationship. When users see the padlock icon in the address bar and the “https” in the url bar, they feel more confident in sharing their personal information. It tells them that their connection to your website is secure, something worth repeating several times in this article. This, in turn, builds trust with your website visitors. If your website does not have an SSL certificate, users (like me) may be hesitant to provide their personal information, which can result in lost sales and lower conversion rates. This is the case even if your website only has a basic “Contact Us” form and nothing else.

4. Scams – Protects Against Phishing Scams

Phishing is a fraudulent activity where hackers create fake websites that look like legitimate ones to steal personal information. We have personally known people who were victims of this. Scammers are good at making a site look like your bank’s website, PayPal’s website, or Microsoft’s website to name a few examples. An SSL certificate protects your website against such phishing scams. When a user visits a website with an SSL certificate, the browser displays a green address bar, indicating that the website is genuine. This helps search engines and users identify fake websites and protect them from phishing scams.

5. User Data – Protects User Data

Again, this is another thing worth repeating in this article, it is something you need to take seriously. If your website collects any sensitive user data, such as passwords or credit card information, it’s crucial to have an SSL certificate. Without one, this data is vulnerable to interception and theft, which could lead to legal and financial consequences for your business. With an SSL certificate, you can ensure that any data collected is encrypted and secure.

6. Browser Warnings – SSL Helps Avoid Browser Warnings

Nothing can keep a person from visiting your website like a browser warning staring them in the face. Many modern web browsers, such as Google Chrome, Mozilla Firefox, and Microsoft Edge, now display warnings when users try to access websites that are not secure. These warnings can be a significant deterrent for users, leading to a loss of traffic and potential customers. Having an SSL certificate ensures that your website does not trigger these warnings, providing a better user experience and reducing the risk of losing visitors.

7. Compliance – Data Protection Laws

Many modern web browsers, such as Google Chrome, Mozilla Firefox, and Microsoft Edge, now display warnings when users try to access websites that are not secure. These warnings can be a significant deterrent for users, leading to a loss of traffic and potential customers. Having an SSL certificate ensures that your website does not trigger these warnings, providing a better user experience and reducing the risk of losing visitors.

In conclusion, having an SSL certificate is essential for any website that wants to protect its users’ personal information, rank higher in search engines, build trust, protect against phishing scams, and comply with data protection laws. If your website does not have an SSL certificate, it’s time to consider getting one. If you are not sure if you already have one or how to get and install one, feel free to Contact Us, and we will gladly help you with this process. If you are looking to save money and get a new hosting company for your website, our hosting services offer free SSL when you host your website with us.

More Articles


We Are A Full Service IT Company

We can help setup MFA in your organization. Contact us today to learn more or help getting started.

Continue reading

Do Not Plug Your Space Heater Into This

Space Heater

Published on

Bryan Siemon

Bryan Siemon

Using a space heater can be a great way to keep warm during the colder months, but it’s important to use them safely. One potential hazard to watch out for is using a space heater with an extension cord. While it may seem like a convenient solution, there are several dangers associated with this practice.

Plugging a space heater into an extension cord may seem like an easy way to extend the reach of the heater, but it can be dangerous. First and foremost, extension cords are not designed to handle the amount of power that a space heater requires. This can cause the cord to become overloaded, which can lead to fires and other safety hazards. In addition, the added length of the extension cord can cause a drop in voltage, which can result in the space heater not functioning properly and potentially posing a fire risk.

Space heaters can get hot, and when they are plugged into an extension cord, the cord is often stretched across the floor. This can create a tripping hazard, especially for young children and pets. Having the extension cord stretched across the floor can also cause the cord to become frayed and damaged over time creating another hazard and leading to the cord breaking and losing power.

Furthermore, using a space heater with an extension cord can also void the manufacturer’s warranty. Most manufacturers specifically state that their space heaters should not be used with an extension cord, and using one can void the warranty, leaving you without any recourse if the heater fails or causes damage.

If you must use an extension cord with a space heater, make sure to choose a heavy-duty extension cord that is rated for the wattage of your space heater. Never use a frayed or damaged extension cord, and never run the cord under rugs or carpets where it can be damaged.

It’s also a good idea to unplug your space heater when you are not using it and to keep it away from flammable materials such as curtains and furniture. Following these safety tips can help prevent accidents and keep your home warm and safe.

In conclusion, avoiding using a space heater with an extension cord is best. Instead, make sure to plug the space heater directly into a wall outlet, and to turn off the heater when you are not using it.

More Articles


We Are A Full Service IT Company

We can help setup MFA in your organization. Contact us today to learn more or help getting started.

Continue reading