Page tree
Viewable by the world
Skip to end of metadata
Go to start of metadata

IT Spotlight


On March 12, 2020 Microsoft released a warning to immediately update and reboot Windows systems due to a Microsoft SMBv3 Client/Server Remote Code Execution Vulnerability. Users are advised this is an extremely dangerous vulnerability and MUST be addressed right away.

Users should know that if their systems are not patched appropriately and an attack is launched against this vulnerability, LBNL will temporarily block computers. If this occurs, users will be unable to remote access their computers which could impact users ability to telecommute. IT strongly advises all users to apply patches immediately and REBOOT.

Any questions or concerns can be directed to security@lbl.gov.

Thanks to Windows Server Update Service (WSUS), Windows Reboot Reminders, and BigFix, IT User Support is able to identify vulnerable software running on LBL systems. If you wish to receive proactive communications regarding the health of your computer, you can Download BigFix and install it. If you have further questions about BigFix, please Request Help.

Reminder: always keep your operating system up to date, your applications patched, and your system rebooted at least once a week! Follow IT Best Practices to ensure computer health.

RELATED ARTICLES

Berkeley Lab IT has released Microsoft’s latest updates for Windows 10, which contains patches for multiple critical security vulnerabilities. One of these, CVE-2020-0601, has been identified by the Cyber Security group as a mandatory update. As such, all Windows 10 systems at the Lab MUST be updated, and may be blocked from the network if they are out of compliance.

Most systems have already been updated using the recommended Windows Update settings, but there are still many systems which remain vulnerable.  To address these remaining vulnerable systems, Berkeley Lab IT is using BigFix to ensure patches are updated:

  • If you get a Reboot Reminder from BigFix, it means that Windows is attempting to install updates, and needs to be restarted to complete the process. Your system will remain vulnerable until the reboot is completed.

  • For systems that are not getting automatically updated, BigFix will prompt you to install the updates directly from our BigFix server. If you get a BigFix patch notification, you will need to take recommended actions in order to protect your system. BigFix will reboot your system upon completion.

Please note that systems which are enrolled in BigFix Passive Management Mode will not be patched or rebooted by BigFix, and users are responsible for installing required updates by running Windows Update.  For information regarding Windows Update, see Microsoft’s site, Update Windows 10.

Thanks to Windows Server Update Service (WSUS), Windows Reboot Reminders, and BigFix, IT User Support is able to identify vulnerable software running on LBL systems. If you wish to receive proactive communications regarding the health of your computer, you can Download BigFix and install it. If you have further questions about BigFix, please Request Help.

Reminder: always keep your operating system up to date, your applications patched, and your system rebooted at least once a week! Follow IT Best Practices to ensure computer health.



Update Firefox Now!

Just as your operating systems need to be patched, so do your browsers. Mozilla recently disclosed a critical vulnerability in Firefox, and advises all users to patch it immediately:

If Firefox is configured to update automatically, patching is as simple as restarting your browser. Users should verify they are running at least version 72.0.1. For your reference Mozilla provides instructions for updating and verification here

Thanks to BigFix, IT User Support is able to identify vulnerable software running on LBL systems. If you wish to receive proactive communications regarding the health of your computer, you can Download BigFix and install it. If you have further questions about BigFix, please Request Help.

Lastly, users should follow IT Best Practices to ensure computer health.

IT Workstation Support has catalogued the recent issues users have encountered when upgrading their system to the latest macOS Catalina. They are:

  • 32-bit applications will not run on Catalina, see table below

Top 10 32-bit Applications in-use

Name

Quantity

Cisco VPN

277

Microsoft Word, what version?

163

Microsoft Excel, what version?

116

Microsoft Powerpoint, what version?

93

Identity Finder

79

mdworker32 (Office365 process)

65

Adobe Acrobat XI Pro (This software is out of compliance and must be upgraded to the subscription version, see Adobe Acrobat Pro DC)

64

Carbonite (This software is no longer the Lab’s enterprise backup software, see Druva inSync)

29

Adobe Application Manager

28

TextWrangler

28

  • Applications will request proper permissions to run

Application

Solution

Chrome Attachments

  1. Open System Preferences > Security & Privacy > Full Disk Access 

  2. Add Chrome

Chrome Remote Desktop

https://support.google.com/chrome/thread/16263096?hl=en

DisplayLink

Download and install latest driver (beta release), https://www.displaylink.com/downloads/macos

Druva inSync

  1. Open System Preferences > Security & Privacy > Full Disk Access 

  2. Add Druva inSync

Sophos

https://community.sophos.com/kb/en-us/134552#How%20to%20correct%20issues

Toshiba copiers fail to print with a “filter failed” error message

  1. Remove print object

  2. Download latest Toshiba drivers

  3. Right-click and install new Toshiba drivers, this will install in an elevated privileged mode

Zoom

On Mac OS 10.15 Catalina, you need to allow Zoom access to Screen Recording to share your screen. 

  1. Open System Preferences > Security & Privacy > Privacy > Screen Recording

  2. Check the option for zoom.us


As with any major operating system upgrade, users should always do the following:

  1. Perform a hardware assessment and check for compatibility

    1. Mac compatibility list - see https://support.apple.com/en-us/HT210222

    2. User must check with the hardware vendor for any external equipment

  2. Perform a software assessment and check for compatibility - users can check https://roaringapps.com/ for software compatibility

  3. Ensure you have all software licensing information if you need to reinstall software

  4. Perform a data assessment and backup all data

  5. Perform upgrade in place or from scratch

If you upgrade to macOS Catalina and something stops working, contact IT User Support at x4357 or email to help@@lbl.gov and we will be glad to help.

As of Oct 17, 2019 Workstation Support is under guidance from LBL cybersecurity to remove CCleaner from all Lab systems.

Computers that have BigFix (Active Mode) installed will have a pop-up appear informing the user of the action and provide a button to click for easy uninstallation.

We are looking at other options to handle the functions that CCleaner provides, but in the short term, we need to remove it from all Lab systems. Workstation Support will be removing CCleaner beginning Friday, Nov 1, 2019.

Additionally, the free version of CCleaner cannot legally be installed on Laboratory computers.

CCleaner can be removed either via BigFix or via the Windows standard "Add and Remove" programs menu.

If you don't have BigFix installed on your system please see our IT Software Download Page at https://software.lbl.gov/.

If you need help removing CCleaner please contact the Help Desk at xHELP (x4357).

image.png

Microsoft has taken a different approach to updating Windows 10, as they release major builds twice a year. Each build will have an end of lifecycle and will cease to be supported as defined by their End of Service date. Users should know that they must regularly commit to updating their Windows 10 operating system or risk cyber threat and/or block.

Microsoft has published the Windows 10 lifecycle fact sheet (https://support.microsoft.com/en-us/help/13853/windows-lifecycle-fact-sheet), see the table below.

Windows 10 version history

Date of availability

End of service

Windows 10, version 1909 November 12, 2019May 11, 2021 
Windows 10, version 1903May 21, 2019December 8, 2020
Windows 10, version 1809November 13, 2018May 12, 2020
Windows 10, version 1803April 30, 2018November 12, 2019
Windows 10, version 1709October 17, 2017April 9, 2019
Table updated on March 10, 2020.

Thanks to Berkeley Lab BigFix and support from our LBL Active Directory and our Windows Server Update Service (WSUS), we have discovered 43 Windows computers that have not updated their Windows 10, version 1511 operating system. These systems must update immediately. IT User Support will be reaching out to these users in the next week to provide any support needed with their Windows 10 update.

To find out about the your Windows 10 version, see Which Windows operating system am I running? (https://support.microsoft.com/en-us/help/13443/windows-which-operating-system)

Users should be mindful regarding Windows Updates:

  • Backup your system before doing your Windows Update, you can use Druva inSync from our software download page, https://software.lbl.gov/swSoftwareDetails.php?applicationID=184

  • Update files can be big and may take some time to download

  • Once the Update starts to download you can minimize it and continue working

  • When the download is complete it will ask for a reboot, you can pause or reschedule for the end of the day (Note: update will not finish without a reboot)

  • Application of system settings after a Windows Update may require another 15-30 minutes after you reboot and login

Users can request help with updating their Windows 10 system by clicking on the link below.

Remember do not push off updating your computer, update regularly!

REQUEST HELP

RELATED ARTICLES

This project was possible because IT identified affected systems with Berkeley Lab BigFix. To get Berkeley Lab BigFix for your computer, please visit software.lbl.gov.

Choose a topic from the list on the left, or search for a topic.

For more general LBNL information, please use the Lab's Google Custom Search (GCS)  tool or refer to the A-Z index

If you need to contribute to the IT FAQ's and find you do not have permission, contact the Help Desk and ask that you be added to the Commons faq editors group