On January 10 Microsoft Corporation announced it will not allow downloads of future Windows security updates until your antivirus vendor sets a specific registry key that certifies compatibility with Windows. “Customers will not receive the January 2018 security updates (or any subsequent security updates) and will not be protected from security vulnerabilities unless their antivirus software vendor sets the following registry key”, Microsoft’s updated support page notes.
Why is Microsoft doing this?
Recently two security vulnerabilities were discovered in the Central Processing Unit (CPU) chip that is the heart of what makes computers work: the recently unleashed threats are called Meltdown and Spectre. During testing to find solutions to these threats, researchers discovered that some third-party anti-virus vendors were taking shortcuts that wouldn’t block the types of attacks launched by these malicious applications. As a result, Microsoft has issued a new registry key for all third-party anti-virus software vendors to put in their own products to certify compatibility. No registry key in AV software = no Windows updates for those PCs without the required key.
Is the AV software we use okay?
Security researcher Kevin Beaumont has compiled a list – which is frequently updated – of which AV manufacturers have software updates that are now compliant with the required key, or will soon be compliant. Since this is a fluid situation here is the link for that list .
What should I do about this?
Here are some suggestions:
- Check with your I.T. consultants to be sure you have compatible AV software or programs. If not, have them advise you about next steps.
- It’s more important than ever to be sure your hardware, operating systems and software is up to date and supported by manufacturers. Attacks such as these are becoming more frequent. If your data is adversely impacted, hacked, held for ransomware, or otherwise compromised, it can adversely affect your business and, in the case of law firms, your continuing ability to be allowed to practice law.
It’s important for any firm to ensure its data is secure and its network is functioning smoothly. It is doubly important for a law firm, since ethical rules are involved. Our thanks go to ZDNet.com for this timely announcement. At Crosspointe Consulting Group, our consultants want to help you get the most from your programs and applications. Be sure to call us if your IT consultants need assistance with maintaining your programs, or advise you to upgrade them. We can be reached at 877-357-0555 or contact us at [email protected].
Dana Riel is President and Founder of Business Solutions, Inc., serving the Washington, D.C. metropolitan area since 1985. Her firm is the authorized training center for the region for Time Matters and PCLaw by PCLaw|Time Matters, PLLC; Timeslips and Sage 50 Accounting by Sage Software; and QuickBooks by Intuit Corporation. She also serves as a consultant for Caret Legal (formerly known as Zola Suite), CosmoLex, Soluno & TimeSolv. As a trainer, Dana has provided training services to organizations such as the DOD Defense Logistics Agency, Judge Advocate General’s Office (JAG)/Department of the Navy, University of the District of Columbia School of Law, U.S. Department of Commerce and the U.S. Department of Veterans Affairs, as well as with small‐ to mid‐size law firms in the Baltimore‐Washington D.C. area. In 2009, she participated in the series of day‐long seminars sponsored by the District of Columbia Bar Association Practice Management Section, titled “Basic Training: Learn About Running a Law Office”. Ms. Riel also served as an Adjunct Professor in Georgetown University’s Paralegal Studies Program, having taught the course, “Legal Ethics/Legal Technology” in 2009; and “Legal Technology” for the Spring and Summer Semesters of 2010. She presently serves on the Advisory Board for PCLaw|Time Matters, PLLC.