Page tree
Viewable by the world
Skip to end of metadata
Go to start of metadata

IT Spotlight



Please take action to update to iOS 14.8, macOS Big Sur 11.6, and watchOS 7.6.2 on Berkeley Lab and personal Apple systems immediately. 

Last week, The Citizen Lab informed Apple about a new zero-click iMessage exploit targeting Apple's image rendering library. This vulnerability allows your Apple device to be compromised with no interaction from you nor any visibility indicators to you. Called FORCEDENTRY, the exploit can infect iPhone, iPad, Apple Watch, or Mac systems with the Pegasus spyware, providing access to the camera and microphone in addition to allowing access to text messages, phone calls, and emails.

"This spyware can do everything an ‌iPhone‌ user can do on their device and more," said Citizen Lab senior researcher John-Scott Railton. You can read more details about this issue in the Citizen Lab writeup. 

https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/

On September 13, Apple released a suite of new updates for iOS, macOS, and watchOS to fix this bug.

Given the severity of the exploit, you should update to iOS 14.8, macOS Big Sur 11.6, and watchOS 7.6.2 on Berkeley Lab and personal systems you control as soon as you can.

Thank you in advance for helping to Protect Science, it’s greatly appreciated.

conferences.lbl.gov (Indico) underwent maintenance starting at 2:00 PM on Friday, August 6.  The maintenance was completed at 2:45pm.

Please contact the [email protected] with questions or concerns regarding this maintenance.

Druva Device Inactive?

If you receive a message because Druva inSync is reporting that device(s) linked to your account have not been backed up in at least 14 days, it is likely that there is a problem which could result in data loss in the event that you need to restore a file. 

Possible causes for this email:

  • Computer was powered off

  • Computer was not connected to the internet

  • Computer needs to be restarted

  • You no longer have this device and it should be removed from your Druva inSync account


If you no longer have the device or are unsure as to why your device is not backing up, please forward the email you received to [email protected] along with the DOE number of your current computer that should be backing up. 

As a reminder, devices which have not backed up in over 90 days will be removed from Druva inSync. Avoid data loss and address this request.

More information regarding Druva inSync can be found in our FAQ.

General Windows Update Guidance


All Windows system users, 


Microsoft releases Monthly Updates (patches) to keep your computer as secure as possible. As onerous as it may seem, keeping your Windows system up to date is a very important part of using any modern operating system with Internet access.

While you have received this update to address current issues, there are always new ones being reported. Our recommendation is to run Windows Update NOW, including REBOOTING if required, and please keep an eye out for future Windows Update communications from IT.

If BigFix is not currently installed on your system, we recommend you install BigFix as soon as possible so we can keep your system safe and you informed. It also helps with DOE property tracking. You never need to barcode scan your computer again.

In order to minimize disruption, when checking for updates, you may get more than one update that requires a restart. Please wait until all updates are completed before restarting your computer or you may have to restart more than once. In addition, if the BigFix restart notification appears, double check your Windows Updates application to ensure all updates have been completed before you restart.

Please run Windows Update at least monthly, to check if your system requires any patches.

Please consider rebooting your Windows system weekly or at least monthly. 

Here is How to run Windows Update for Windows 10. Please REBOOT your computer if required by the Windows Update.



To all Windows system users, Microsoft has recently released some critical security updates regarding PrintNightmare. Please run Windows Update and check if your system requires any patches. It is strongly recommended to do this NOW and monitor any future communications from IT regarding this recent security threat. 

While Microsoft has released updates to address this current issue, there have been reports that the first round of updates are insufficient. Our recommendation at this time is to run Windows Updates, including rebooting if necessary, and keep an eye out for future Windows Update communications from IT. If BigFix is not currently installed on your system, we recommend you install BigFix as soon as possible so we can keep your system safe and you informed.  

In order to minimize disruption, when checking for updates, you may get more than one update that requires a restart. Please wait until all updates are completed before restarting your computer or you may have to reboot more than once. In addition, if the BigFix reboot notification appears, double check your Windows Updates application to ensure all updates have been completed before you reboot.

Keeping your Windows system up to date is important


Here is How to run Windows Update for Windows 10. Reboot your computer if required by the Windows Update.


More information:

Apple has announced a new operating system, macOS Monterey. They have released a beta version for consumers to download. The first final release is expected in Fall 2021. 

However, we would like to caution our users to be careful before upgrading to the beta or first final release of macOS Monterey. These are the questions you need to ask yourself before proceeding with the install of macOS Monterey:

  • Is your computer compatible? See list below: 

    • iMac late 2015 and later

    • iMac Pro 2017 and later

    • MacBook Air early 2015 and later

    • MacBook Pro early 2015 and later

    • Mac Pro late 2013 and later

    • Mac mini late 2014 and later

    • MacBook early 2016 and later

Note: if your hardware is not compatible, macOS Monterey should warn you and not install/upgrade. But it doesn’t hurt to double check to make sure.

  • Are all your peripheral devices compatible?

  • Is all your installed software compatible?

  • Do you have the installation files for that software, if you need to reinstall or revert your Operating System to the previous version?

  • BACKUP your computer before installing/upgrading to macOS Monterey


IT recommends not upgrading or installing macOS Monterey at this time. 

Note that all 32-bit applications are incompatible with macOS Monterey. 

If you decide to upgrade regardless of this warning, ensure you backup your computer before installing/upgrading or you may lose your data in the event of a corrupt installation or if you find you need to revert to the previous operating system due to incompatibility.

Feel free to reach out to IT if you have any questions. 

You can contact our support staff by:

To all users that have Google Chrome and Microsoft Edge installed on the computer.

Google has released a new version of Google Chrome that addresses vulnerabilities that attackers in the wild could exploit to take control of affected systems.

The new Microsoft Edge is now based on Chrome which is why it needs to be updated as well.

Protect yourself! Update immediately!

Here is How to Update Google Chrome

Here is How to Update Microsoft Edge

More info:

Make sure to be protected, do a second reboot after the update!

Apple released the macOS Big Sur update 11.3 on April 28, 2021. If Sophos is installed on an M1 (ARM) based system prior to the update, the first time the system boots after the update, protection will be compromised. Restarting the system again resolves this issue.


The issue can be observed when the following conditions are met:
1. macOS 11 had Sophos installed prior to updating to 11.3
2. Upgrading to macOS 11.3
3. M1 chip (ARM) based hardware only (Intel hardware is not impacted)
4. This also applies to the 10.1.0 M1 (ARM) Optimized EAP.

Systems that are not impacted by this:
1. Systems with Intel chip macs
2. New Sophos installs on macOS 11.3
3. Systems with macOS 10.15.7 Catalina and below

Resolution:
Restart the computer once again after upgrading to macOS 11.3!

The original article is linked here!


IT has created new videos to help you with:


If you would like to see a specific help video created, let us know!

Keep an eye on our IT Spotlight page for future announcements on new video tutorials!

Microsoft has taken a different approach to updating Windows 10, as they release major builds twice a year. Each build will have an end of lifecycle and will cease to be supported as defined by their End of Service date. Users should know that they must regularly commit to updating their Windows 10 operating system or risk cyber threat and/or block.

Microsoft has published the Windows 10 lifecycle fact sheet (https://support.microsoft.com/en-us/help/13853/windows-lifecycle-fact-sheet), and their end of life dates (https://docs.microsoft.com/en-us/lifecycle/products/windows-10-enterprise-and-education). This information is also represented in the table below.

Windows 10 version history

Date of availability

End of service

Windows 10, version 20H2

October 20, 2020

May 9, 2023

Windows 10, version 2004

May 27, 2020

December 14, 2021

Windows 10, version 1909 

November 12, 2019

May 10, 2022 

Windows 10, version 1903

May 21, 2019

December 8, 2020

Windows 10, version 1809

November 13, 2018

May 11, 2021

Windows 10, version 1803

April 30, 2018

May 11, 2021

Windows 10, version 1709

October 17, 2017

October 13, 2020

Windows 10, version 1703

April 11, 2017

October 8, 2019

Windows 10, version 1607

August 2, 2016

April 9, 2019

Windows 10, version 1511

November 10, 2015

October 10, 2017

Windows 10, version 1507

July 29, 2015

May 9, 2017

To find out about the your Windows 10 version, see Which Windows operating system am I running? (https://support.microsoft.com/en-us/help/13443/windows-which-operating-system)

Users should be mindful regarding Windows Updates:

  • Backup your system before doing your Windows Update, you can use Druva inSync from our software download page, go.lbl.gov/DownloadDruvainSync

  • Run Windows Update on Windows 10, update files can be big and may take some time to download

  • Once the Update starts to download you can minimize it and continue working

  • When the download is complete it will ask for a reboot, you can pause or reschedule for the end of the day (Note: update will not finish without a reboot). Note there may be a couple of reboots involved so be patient.

  • Application of system settings after a Windows Update may require another 15-30 minutes after you reboot and login

Users can REQUEST HELP with updating their Windows 10 system.

Remember do not push off updating your computer, update regularly!

RELATED ARTICLES

Microsoft is ending support for Windows 10 version 1909 on May 11, 2021. This applies to:

  • Windows 10 Home

  • Windows 10 Pro

  • Windows 10 Pro Education

  • Windows 10 Pro for Workstations

If you have one of the listed editions of Windows 10, it is strongly recommended and encouraged that you update it to the latest version (Windows 10 v20H2) before May 11, 2021 to continue receiving Windows updates and Security updates from Microsoft.


Please note:

  • Backup your system before doing your Windows Update. Berkeley Lab IT offers Druva inSync for backup solutions

  • Update files can be big and may take several hours to download

  • While Windows Update is downloading updates, you can minimize it and continue working

  • When the download is complete it will ask for a reboot. We suggest delaying until the end of the day, as your system will be unusable during the updates.

  • Additional updates may need to be applied after you reboot and login. It may take up to 30 minutes to apply settings before the next updates can be applied. On some rare occasions, it could be longer than 30 minutes. This process may need to be repeated multiple times until Windows is completely up to date.


Not sure how to do the update? See Run Windows Update for Windows 10.

If you are interested, to know what is new in Windows 10 v20H2: See Windows 10 version 20H2: The complete changelog

A little extra, here is a refresher to IT Best Practices.


Related Article:

IT has created new videos to help you with:

Reminder: Do not forget your LastPass master password. LastPass admins do not have the capability of recovering your password.

If you would like to see a specific help video created, let us know!

Keep an eye on our IT Spotlight page for future announcements on new video tutorials!

IT Workstation Support has catalogued the recent issues users have encountered when upgrading their system to the latest macOS Catalina. They are:

  • 32-bit applications will not run on Catalina, see table below

Top 10 32-bit Applications in-use

Name

Quantity

Cisco VPN

277

Microsoft Word, what version?

163

Microsoft Excel, what version?

116

Microsoft Powerpoint, what version?

93

Identity Finder

79

mdworker32 (Office365 process)

65

Adobe Acrobat XI Pro (This software is out of compliance and must be upgraded to the subscription version, see Adobe Acrobat Pro DC)

64

Carbonite (This software is no longer the Lab’s enterprise backup software, see Druva inSync)

29

Adobe Application Manager

28

TextWrangler

28

  • Applications will request proper permissions to run

Application

Solution

Chrome Attachments

  1. Open System Preferences > Security & Privacy > Full Disk Access 

  2. Add Chrome

Chrome Remote Desktop

https://support.google.com/chrome/thread/16263096?hl=en

DisplayLink

Download and install latest driver (beta release), https://www.displaylink.com/downloads/macos

Druva inSync

  1. Open System Preferences > Security & Privacy > Full Disk Access 

  2. Add Druva inSync

Sophos

https://community.sophos.com/kb/en-us/134552#How%20to%20correct%20issues

Toshiba copiers fail to print with a “filter failed” error message

  1. Remove print object

  2. Download latest Toshiba drivers (https://software.lbl.gov/swSoftwareDetails.php?applicationID=108)

  3. Right-click and install new Toshiba drivers, this will install in an elevated privileged mode

Zoom

On Mac OS 10.15 Catalina, you need to allow Zoom access to Screen Recording to share your screen. 

  1. Open System Preferences > Security & Privacy > Privacy > Screen Recording

  2. Check the option for zoom.us


As with any major operating system upgrade, users should always do the following:

  1. Perform a hardware assessment and check for compatibility

    1. Mac compatibility list - see https://support.apple.com/en-us/HT210222

    2. User must check with the hardware vendor for any external equipment

  2. Perform a software assessment and check for compatibility - users can check https://roaringapps.com/ for software compatibility

  3. Ensure you have all software licensing information if you need to reinstall software

  4. Perform a data assessment and backup all data

  5. Perform upgrade in place or from scratch

If you upgrade to macOS Catalina and something stops working, contact IT User Support at x4357 or email to [email protected]@lbl.gov and we will be glad to help.


Choose a topic from the list on the left, or search for a topic.

For more general LBNL information, please use the Lab's Google Custom Search (GCS)  tool or refer to the A-Z index

If you need to contribute to the IT FAQ's and find you do not have permission, contact the Help Desk and ask that you be added to the Commons faq editors group