Microsoft has reported two new vulnerabilities (CVE-2022-41040 & CVE-2022-41082) affecting on-premises Microsoft Exchange Server 2013, 2016, and 2019.

Microsoft has observed limited, targeted attacks exploiting these vulnerabilities to compromise target systems.

Mitigations for this vulnerability are available; however, a patch is not available at this time.

CVE-2022-41040 is a Server-Side Request Forgery (SSRF) vulnerability while CVE-2022-41082 is a Remote Code Execution (RCE) vulnerability.

Vulnerabilities of this nature have been exploited in the past (such as with ProxyShell) to deliver web shells and perform further attacks including lateral movement within target networks and delivery of malicious payloads (such as ransomware). 

Litera recently created a video we believe you will find informative and helpful in planning for the many upcoming end-of-life dates for iManage and related solutions (e.g., cleanDocs, compareDocs, MS Server 2012R2, MS Basic Authentication). The video also speaks to the benefits of moving to iManage Cloud.

Cybersecurity Awareness Month is a great time to educate yourself and your users.

We're looking forward to seeing Association of Legal Administrators' chapter leaders from around the continent this week in Las Vegas for the 2022 Chapter Leadership Institute!

Microsoft has released workaround guidance to address a critical zero-day vulnerability — CVE-2022-30190, known as "Follina." This affects the Microsoft Support Diagnostic Tool (MSDT) in Windows. A remote, unauthenticated attacker could exploit this vulnerability to take control of an affected system. Microsoft has reported active exploitation of this vulnerability in the wild.

Read our latest case study about a law firm that had its data held for ransom and how Innovative Computing Systems helped them recover without paying the criminals. 

We're happy to announce our recent partnership with 8x8 to bring clients the best business communications solutions available. 

There are a number of important iManage and related solutions requiring upgrades or patching over the coming months. We created the below infographic to help you in your legal technology planning. Please be certain to add these dates to your calendar.

United States, Australia, Canada, New Zealand and United Kingdom cybersecurity authorities, including the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), New Zealand National Cyber Security Centre (NZ NCSC) and United Kingdom’s National Cyber Security Centre (NCSC-UK) issued a joint Cybersecurity Advisory yesterday detailing the most exploited technology vulnerabilities from 2021. The advisory provides details on the top 15 Common Vulnerabilities and Exposures (CVEs) routinely exploited by malicious cyber actors in 2021, as well as other CVEs frequently exploited.

U.S., Australian, Canadian, New Zealand, and UK cybersecurity authorities report that malicious cyber actors aggressively targeted newly disclosed critical software vulnerabilities against broad target sets, including public and private sector organizations worldwide in 2021. To a lesser extent, malicious cyber actors continued to exploit publicly known, dated software vulnerabilities across a broad spectrum of targets.

Important to note is that three of the top 15 routinely exploited vulnerabilities were also routinely exploited in 2020. As the agencies note, their continued exploitation indicates that many organizations fail to patch software in a timely manner and remain vulnerable to malicious cyber actors.

Apple has released two patches for two zero-day vulnerabilities affecting macOS and iOS. The vulnerabilities could allow threat actors to disrupt or access kernel activity and may be under active exploit.

Law firms, accountancy firms and corporate law departments are bombarded from the outside and the inside by threats every day. Threat management has become a full-time task.

With more than two years of a pandemic behind us, many law firms – and many other businesses, for that matter – had expected to be back to the office more fully by now. The latest variant of COVID-19 changed those plans. Now, law firms are facing the fact that they must be prepared to be flexible for the foreseeable future. Indeed, the latest geopolitical disruptions in Eastern Europe demonstrate just how deeply uncertain our world remains. In the face of myriad challenges, how can law firm administrators and IT professionals remain nimble? Let's briefly look at key aspects of accessibility, hardware, software, and data security that will help law firms maintain continual operation in the new reality.

As a reminder, Microsoft is officially increasing the price of many of their Office products by 15% effective March 1, 2022:

Microsoft is officially increasing the price of many of their Office products by 15% effective March 1, 2022: