
Here's an update to last night's tip, which warned about the Print Spooler vulnerability in Windows. Microsoft's fix has shortcomings of its own.


Cybersecurity expert Will Dormann has warned that if the Point and Print policy value NoWarningNoElevationOnInstall (under HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint in the Registry Editor) is set to 1, Microsoft's patch will not prevent remote code execution. Microsoft's own guidance for the patch says that this value, and the related UpdatePromptSettings value, must be 0 or not defined at all for the fix to be effective.




Microsoft's patch also does not properly account for files referenced by a Universal Naming Convention (UNC) path, so it will not block a remote driver file used in the exploit. A UNC path simply refers to a file on a network share in this form:


\\server\share\path\filename
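The following PowerShell is an added example for this tip, not code from the original post or from Microsoft. It audits the two Point and Print registry values named in Microsoft's guidance, reports whether the Spooler service is running, and provides a function that forces both values back to 0. The registry key and value names are Microsoft's; the function names are this example's own.

```powershell
# Added example: audit the Point and Print policy values that must be 0 or
# absent for the Print Spooler fix to hold, and show the Spooler's state.
# Run from an elevated PowerShell prompt.

$key    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'
$values = 'NoWarningNoElevationOnInstall', 'UpdatePromptSettings'

function Get-PointAndPrintStatus {
    # Missing key or missing value is the safe (default) state.
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    foreach ($name in $values) {
        $current = $null
        if ($null -ne $props -and $null -ne $props.$name) { $current = [int]$props.$name }
        # Any non-zero value lets a patched spooler install drivers without elevation.
        $state = if ($null -eq $current -or $current -eq 0) { 'OK' } else { 'UNSAFE' }
        [pscustomobject]@{ Value = $name; Current = $current; State = $state }
    }
}

function Set-PointAndPrintSafe {
    # Creates the key if it does not exist and forces both values to 0 (DWORD).
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    foreach ($name in $values) {
        New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value 0 -Force | Out-Null
    }
}

Get-PointAndPrintStatus | Format-Table -AutoSize

# If this machine does not need to print or share printers, stopping and
# disabling the service removes the attack surface entirely:
#   Stop-Service -Name Spooler; Set-Service -Name Spooler -StartupType Disabled
Get-Service -Name Spooler | Select-Object Name, Status, StartType
```

Run Get-PointAndPrintStatus first; if either row shows UNSAFE, Set-PointAndPrintSafe resets the values, after which the spooler will again prompt and require elevation for driver installation. Group Policy can reapply a value of 1 at the next refresh, so check the policy that set it rather than relying on the registry edit alone.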






Be sure to implement Microsoft's fix for the recently discovered Windows Print Spooler Remote Code Execution Vulnerability. See this post on the Microsoft Security Response Center. This exploit allows an attacker to use the Print Spooler to run code with SYSTEM privileges, and from there to perform privileged operations such as installing programs and deleting files.


The CVSS metrics on the Microsoft site show that while the attack complexity of this exploit is rated low (no special conditions are needed for it to succeed), the threat to the confidentiality of data and to the integrity of your system's protective measures is rated high.



When using cloud-based software, it's important to ask what the provider does with the data it hosts for you.

The Tip of the Night for May 26, 2021 discussed Trello, the project management tracking collaboration software.


Trello's developer, Atlassian, offers Trello only as a cloud service with no locally hosted version, so Atlassian itself stores the names of your task boards and any other content you add. Its privacy policy, posted here, states that:


"Content also includes the files and links you upload to the Services. If you use a server or data center version of the Services, we do not host, store, transmit, receive or collect information about you (including your content), except in limited cases, where permitted by your administrator: we collect feedback you provide directly to us through the product and; we collect content using analytics techniques that hash, filter or otherwise scrub the information to exclude information that might identify you or your organization; and we collect clickstream data about how you interact with and use features in the Services. Server and data center administrators can disable our collection of this information from the Services via the administrator settings or prevent this information from being shared with us by blocking transmission at the local network level."


So by default this usage data is collected, although Atlassian applies processes that anonymize it. Note that the option for an administrator to turn the collection off, as quoted above, applies to the server and data center versions of Atlassian's products; Trello is cloud-only, so that option is not available to Trello administrators.


Atlassian complies with the General Data Protection Regulation of the European Union, but it also processes personal data and transfers data to Amazon AWS data centers located in the United States. It holds Privacy Shield certification, the mechanism adopted to allow the transfer of personal data between the US and the EU after the invalidation of the prior Safe Harbor agreement. This certification can be viewed here.






It also uses the EU Controller to Processor Standard Contractual Clauses as an additional transfer mechanism. This matters more than it might appear: the Court of Justice of the European Union invalidated the Privacy Shield in July 2020 (the Schrems II decision), so certification alone no longer provides a lawful basis for the transfers, and the Standard Contractual Clauses are what actually carries them.





Sean O'Shea has more than 20 years of experience in the litigation support field with major law firms in New York and San Francisco.   He is an ACEDS Certified eDiscovery Specialist and a Relativity Certified Administrator.

The views expressed in this blog are those of the owner and do not reflect the views or opinions of the owner’s employer.

If you have a question or comment about this blog, please make a submission using the form to the right. 


© 2015 by Sean O'Shea.
