
IT Spotlight


As of January 14, 2020, Microsoft stopped supporting Windows 7. Computers running Windows 7 will no longer receive security patches. Most machines are able to upgrade to Windows 10; see Windows 7 End of Life and Upgrade to Windows 10. If you are running legacy software or have computers attached to scientific equipment that only work with Windows 7, you must register them with IT or risk being blocked from the network. Windows 7 computers which have not been registered on the Windows 7 Exception Request Form will be blocked after June 30, 2020.



On March 12, 2020 Microsoft released a warning to immediately update and reboot Windows systems due to a Microsoft SMBv3 Client/Server Remote Code Execution Vulnerability. Users are advised this is an extremely dangerous vulnerability and MUST be addressed right away.

Users should know that if their systems are not patched appropriately and an attack is launched against this vulnerability, LBNL will temporarily block computers. If this occurs, users will be unable to remotely access their computers, which could impact users' ability to telecommute. IT strongly advises all users to apply patches immediately and REBOOT.

Any questions or concerns can be directed to security@lbl.gov.

Thanks to Windows Server Update Service (WSUS), Windows Reboot Reminders, and BigFix, IT User Support is able to identify vulnerable software running on LBL systems. If you wish to receive proactive communications regarding the health of your computer, you can Download BigFix and install it. If you have further questions about BigFix, please Request Help.

Reminder: always keep your operating system up to date, your applications patched, and your system rebooted at least once a week! Follow IT Best Practices to ensure computer health.


Berkeley Lab IT has released Microsoft’s latest updates for Windows 10, which contain patches for multiple critical security vulnerabilities. One of these, CVE-2020-0601, has been identified by the Cyber Security group as a mandatory update. As such, all Windows 10 systems at the Lab MUST be updated, and may be blocked from the network if they are out of compliance.

Most systems have already been updated using the recommended Windows Update settings, but there are still many systems which remain vulnerable.  To address these remaining vulnerable systems, Berkeley Lab IT is using BigFix to ensure patches are updated:

  • If you get a Reboot Reminder from BigFix, it means that Windows is attempting to install updates, and needs to be restarted to complete the process. Your system will remain vulnerable until the reboot is completed.

  • For systems that are not getting automatically updated, BigFix will prompt you to install the updates directly from our BigFix server. If you get a BigFix patch notification, you will need to take recommended actions in order to protect your system. BigFix will reboot your system upon completion.

Please note that systems which are enrolled in BigFix Passive Management Mode will not be patched or rebooted by BigFix, and users are responsible for installing required updates by running Windows Update.  For information regarding Windows Update, see Microsoft’s site, Update Windows 10.




Update Firefox Now!

Just as your operating systems need to be patched, so do your browsers. Mozilla recently disclosed a critical vulnerability in Firefox, and advises all users to patch it immediately:

If Firefox is configured to update automatically, patching is as simple as restarting your browser. Users should verify they are running at least version 72.0.1. For your reference, Mozilla provides instructions for updating and verification here.

Thanks to BigFix, IT User Support is able to identify vulnerable software running on LBL systems. If you wish to receive proactive communications regarding the health of your computer, you can Download BigFix and install it. If you have further questions about BigFix, please Request Help.

Lastly, users should follow IT Best Practices to ensure computer health.

Berkeley Lab Cyber Security has discovered bad guys exploiting Apple’s Remote Management service to conduct reflected denial-of-service (DoS) attacks. 

What to do?

In order to protect Berkeley Lab computers from participating in this hostile activity, we require all users to disable Apple Remote Management Service.  To disable this service:

  1. In Apple Menu, select System Preferences
     
  2. Select Sharing
     
  3. Uncheck Remote Management
     

This change will not have any adverse effects for most users and is in fact the Apple default. You can still use Apple Remote Desktop and VNC to connect if you enable "Screen Sharing". If you believe disabling Remote Management will create an adverse situation for you, please contact security@lbl.gov.

IT will use BigFix to prompt users to automatically disable the Apple Remote Management Service on all systems running in Active Management Mode. For systems in Passive Management Mode, a BigFix Offer will be provided for users to disable it manually.

              

BigFix can be downloaded from https://go.lbl.gov/DownloadBigFix. For any further inquiries, Request Help.

Technical Details



Microsoft has taken a different approach to updating Windows 10: it releases major builds twice a year. Each build has a defined lifecycle and ceases to be supported on its End of Service date. Users must commit to regularly updating their Windows 10 operating system or risk exposure to cyber threats and/or being blocked from the network.

Microsoft has published the Windows 10 lifecycle fact sheet (https://support.microsoft.com/en-us/help/13853/windows-lifecycle-fact-sheet), see the table below.

| Windows 10 version history | Date of availability | End of service |
|---|---|---|
| Windows 10, version 1909 | November 12, 2019 | May 11, 2021 |
| Windows 10, version 1903 | May 21, 2019 | December 8, 2020 |
| Windows 10, version 1809 | November 13, 2018 | May 12, 2020 |
| Windows 10, version 1803 | April 30, 2018 | November 12, 2019 |
| Windows 10, version 1709 | October 17, 2017 | April 9, 2019 |

Table updated on March 10, 2020.

Thanks to Berkeley Lab BigFix and support from our LBL Active Directory and our Windows Server Update Service (WSUS), we have discovered 43 Windows computers that have not updated their Windows 10, version 1511 operating system. These systems must update immediately. IT User Support will be reaching out to these users in the next week to provide any support needed with their Windows 10 update.
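The compliance check implied by the lifecycle table, as an added example (not Berkeley Lab's or BigFix's own code): it classifies a constructed host inventory against the end-of-service dates listed above. The inventory format, the 90-day warning window, and treating numeric versions older than the table's oldest row (such as 1511) as unsupported are assumptions of this example.

```python
import csv
import io
from datetime import date

# End-of-service dates copied from the lifecycle table above (updated March 10, 2020).
END_OF_SERVICE = {
    "1909": date(2021, 5, 11),
    "1903": date(2020, 12, 8),
    "1809": date(2020, 5, 12),
    "1803": date(2019, 11, 12),
    "1709": date(2019, 4, 9),
}

# Constructed inventory export (hostname,version); these are not real systems.
SAMPLE_INVENTORY = """\
host-a,1909
host-b,1809
host-c,1511
host-d,1803
"""

def classify(version, today, warn_days=90):
    """Return 'unsupported', 'expiring', 'supported' or 'unknown'."""
    eos = END_OF_SERVICE.get(version)
    if eos is None:
        # Assumption: these versions are YYMM strings, so string order is
        # release order and anything older than the oldest row is out of service.
        if len(version) == 4 and version.isdigit() and version < min(END_OF_SERVICE):
            return "unsupported"
        return "unknown"  # newer or unrecognised: needs a refreshed table
    if today > eos:
        return "unsupported"
    if (eos - today).days <= warn_days:
        return "expiring"
    return "supported"

def audit(inventory_csv, today, warn_days=90):
    """Map each hostname in the CSV text to its support status."""
    findings = {}
    for row in csv.reader(io.StringIO(inventory_csv)):
        if len(row) != 2:
            continue  # skip blank or malformed lines
        host, version = (field.strip() for field in row)
        findings[host] = classify(version, today, warn_days)
    return findings

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY, date(2020, 3, 10)).items():
        print(f"{host}: {status}")
```

Versions that return "unknown" are the signal to refresh the dictionary from Microsoft's fact sheet rather than to assume the host is compliant.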

To find out your Windows 10 version, see Which Windows operating system am I running? (https://support.microsoft.com/en-us/help/13443/windows-which-operating-system)

Users should be mindful regarding Windows Updates:

  • Back up your system before doing your Windows Update; you can use Druva inSync from our software download page, https://software.lbl.gov/swSoftwareDetails.php?applicationID=184

  • Update files can be big and may take some time to download

  • Once the Update starts to download you can minimize it and continue working

  • When the download is complete, it will ask for a reboot; you can pause or reschedule for the end of the day (Note: the update will not finish without a reboot)

  • Application of system settings after a Windows Update may require another 15-30 minutes after you reboot and log in

Users can request help with updating their Windows 10 system by clicking on the link below.

Remember: do not put off updating your computer. Update regularly!

REQUEST HELP


This project was possible because IT identified affected systems with Berkeley Lab BigFix. To get Berkeley Lab BigFix for your computer, please visit software.lbl.gov.
