Microsoft released a mitigation for a vulnerability that exists in the Windows 10 operating system that can be exploited against Office 365 and Office 2019. Identified as CVE-2021-40444, this vulnerability could allow attackers to execute arbitrary code on a device if exploited. Because Microsoft Office is used and trusted by millions worldwide, attackers potentially could launch very-large-scale attacks; accordingly, this vulnerability has a severity rating of 8.8 out of 10. Recommendations from Mission Critical Partners to prevent devices from becoming susceptible to this vulnerability are below.

Saturday marks the 20^th anniversary of the terrorist attacks on the World Trade Center in New York City and the Pentagon, as well as the hijacking of a third commercial airliner that day, United Airlines Flight 93, which crashed in a field near Shanksville, Pennsylvania, after passengers confronted the terrorists. The attacks resulted in 2,977 fatalities and more than 25,000 injuries. It is the deadliest single incident for firefighters and police officers in the U.S., who respectively lost 340 and 72 members that day. It remains the deadliest terrorist attack our history.

Over the last 20 years, the public safety community increasingly has leveraged technological advances that enable better interoperability and data sharing. While decreased response times and increased situational awareness have resulted, there is still an opportunity for improvement. Many obstacles exist that prohibit complete end-to-end integration of data throughout the incident management lifecycle. Additionally, identifying the right data to be shared with the right person at the right time is essential to integrating data into the lifecycle. 

In my previous blog on cybersecurity, I provided a high-level perspective on the cybersecurity environment for justice organizations today. I noted that the environment is worrisome — it is a virtual certainty that cyberattackers, at this very moment, are looking for a way to infiltrate your organization’s networks and systems.

But I promised a progression (crawl, walk, run) that you can employ immediately to quickly begin thwarting cyberattackers and protecting your networks and systems, as well as the critical data and applications that run on them. This strategy is based on industry best practices and thought leadership to which MCP has actively contributed.^[1]

Cybersecurity has become a huge problem for any organization that is operating networks and/or systems, but especially so for those in the government sector, particularly public-safety and justice agencies.