

New Bundle & Save Promotion for Inbox Protection

Cloudstar is pleased to announce our new bundle and save promotion when you purchase Office 365, Barracuda, and Email Encryption together to protect your entire organization.

With business email compromise at an all-time high, there’s never been a better time to bundle and save.

Click HERE to learn more about protecting your inbox.

Contact us HERE now!


Don’t Risk Being Left Behind

With cyber crime on the rise, many cyber insurance carriers are issuing new guidelines. These include mandates that your operating systems and hypervisors are well patched, supported, and on up-to-date versions.

Don’t risk being dropped by your insurance provider.  Migrate to Cloudstar to ensure you’re always on the latest version.

Contact us today for a quote.


Free Micropatches for PrintNightmare Vulnerability (CVE-2021-34527)

Click HERE to get the patch from 0patch.

by Mitja Kolsek, the 0patch Team



[Note: This blog post is expected to be updated as new micropatches are issued and new information becomes available.]


Update 7/5/2021: Security researcher cube0x0 discovered another attack vector for this vulnerability, which significantly expands the set of affected machines. While the original attack vector was Print System Remote Protocol [MS-RPRN], the same attack delivered via Print System Asynchronous Remote Protocol [MS-PAR] does not require the Windows server to be a domain controller, or the Windows 10 machine to have UAC (User Account Control) disabled or PointAndPrint NoWarningNoElevationOnInstall enabled. Note that our patches for Servers 2019, 2016, 2012 R2 and 2008 R2 issued on 7/2/2021 are effective against this new attack vector and don’t need to be updated.



June 2021 Windows Updates brought a fix for a vulnerability CVE-2021-1675 originally titled “Windows Print Spooler Local Code Execution Vulnerability”. As usual, Microsoft’s advisory provided very little information about the vulnerability, and very few probably noticed that about two weeks later, the advisory was updated to change “Local Code Execution” to “Remote Code Execution”.

This CVE ID would probably have remained one of the boring ones without the surprise publication of a proof-of-concept for a remote code execution vulnerability called PrintNightmare, indicating that it was CVE-2021-1675. Security researchers Zhiniang Peng and Xuefeng Li, who published this POC, believed that their vulnerability was already fixed by Microsoft, and saw other researchers slowly leaking details, so they decided to publish their work as well.

It turned out that PrintNightmare was not, in fact, CVE-2021-1675 – and the published details and POC were for a yet unpatched vulnerability that turned out to allow remote code execution on all Windows Servers from version 2019 back to at least version 2008, especially if they were configured as domain controllers.

The security community went scrambling to clear the confusion, identify conditions for exploitability, and find workarounds in the absence of an official fix from Microsoft. Meanwhile, PrintNightmare started getting actively exploited; Microsoft confirmed it to be a separate vulnerability from CVE-2021-1675, assigned it CVE-2021-34527, and recommended that affected users either disable the Print Spooler service or disable inbound remote printing.

In addition to Microsoft’s recommendations, workarounds gathered from the community included removing Authenticated Users from the “Pre-Windows 2000 Compatible Access” group, and setting permissions on print spooler folders to prevent the attack.

All these mitigations can have unwanted and unexpected side effects that can break functionality in production (1, 2, 3), including some functionality unrelated to printing.

Patching the Nightmare


Long story short, our team at 0patch has analyzed the vulnerability and created micropatches for different affected Windows versions, starting with those most critical and most widely used:

  1. Windows Server 2019 (updated with June 2021 Updates)
  2. Windows Server 2016 (updated with June 2021 Updates)
  3. Windows Server 2012 R2 (updated with June 2021 Updates)
  4. Windows Server 2008 R2 (updated with January 2020 Updates, no Extended Security Updates) 
  5. Windows 10 v20H2 (updated with June 2021 Updates)
  6. Windows 10 v2004 (updated with June 2021 Updates) 
  7. Windows 10 v1909 (updated with June 2021 Updates) 
  8. Windows 10 v1903 (updated with June 2021 Updates)
  9. Windows 10 v1809 (updated with May 2021 Updates – latest before end of support)
  10. Windows 10 v1803 (updated with May 2021 Updates – latest before end of support)
  11. Windows 10 v1709 (updated with October 2020 Updates – latest before end of support)


[Note: Additional patches will be released as needed based on exploitability on different Windows platforms.]

Our micropatches prevent the APD_INSTALL_WARNED_DRIVER flag in dwFileCopyFlags of function AddPrinterDriverEx from bypassing the object access check, which allowed the attack to succeed. We believe that “install warned drivers” functionality is not a very often used one, and breaking it in exchange for securing Windows machines from trivial remote exploitation is a good trade-off.

Micropatches for PrintNightmare will be free until Microsoft has issued an official fix. If you want to use them, create a free account at 0patch Central, then install and register 0patch Agent from Everything else will happen automatically. No computer reboots will be needed.

Compatibility note: Some Windows 10 and Server systems exhibit occasional timeouts in the Software Protection Platform Service (sppsvc.exe) on a system running 0patch Agent. This looks like a bug in the Windows Code Integrity mitigation, which prevents a 0patch component from being injected in the service (which is okay) but sometimes also does a lot of seemingly meaningless processing that causes process startup to time out. As a result, various licensing-related errors can occur. The issue, should it occur, can be resolved by excluding sppsvc.exe from 0patch injection as described in this article.

Frequently Asked Questions

Q: Which Windows versions are affected by PrintNightmare?

Answer updated 7/5/2021: Due to the discovery of a new attack vector, which also affects non-DC servers and Windows 10 machines in their default configuration, the set of affected Windows platforms has significantly expanded. The current status, according to our tests, is this:

  • Windows Server 2019, whether DC or not – affected
  • Windows Server 2016, whether DC or not – affected
  • Windows Server 2012 R2, whether DC or not – affected
  • Windows Server 2012 non-R2, whether DC or not – not affected
  • Windows Server 2008 R2, whether DC or not – affected
  • Windows Server 2008 non-R2, whether DC or not – not affected
  • Windows Server 2003, whether DC or not – not affected
  • Windows 10 (all versions), domain-joined – not affected
  • Windows 10 (all versions), non domain-joined – affected
  • Windows 7 – not affected


Our remote attacks on Windows 10 were so far not successful against domain-joined Windows 10 machines, where the attack would be most worrisome. We were so far only able to launch the exploit using credentials of a local user on a non-domain Windows 10 machine, and such credentials are likely not known to an attacker. So these tests so far only confirm a possible local privilege escalation (a local user exploiting PrintNightmare to gain local System privileges).


Our current understanding is that without any custom configuration and with June 2021 Windows Updates applied, only Windows Servers that act as a domain controller are affected (confirmed for versions 2012, 2016 and 2019). The reason seems to be that when a server is a domain controller, a Pre-Windows 2000 Compatible Access group is created for some legacy compatibility, and the Authenticated Users group is a member of this group. This makes all domain users a member of Pre-Windows 2000 Compatible Access group, which is an important piece of the puzzle for exploiting this vulnerability.

However, non-DC servers and Windows 10 systems with June 2021 updates can also be vulnerable in at least these cases:

  • UAC (User Account Control) is completely disabled [source], or
  • PointAndPrint NoWarningNoElevationOnInstall is enabled [source].
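
The conditions named in this post can be checked per machine with a read-only script. This is an added example, not code from 0patch or Microsoft; the function names are hypothetical, and the registry paths are the standard Windows policy locations for these settings (values that are absent mean the policy is not configured).

```powershell
# Added example: read-only audit of the exposure conditions named in this post.
# Run in an elevated PowerShell session on the machine being checked.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (policy not configured).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return $item.$Name }
    return $null
}

function Get-PrintNightmareExposure {
    $printers      = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'
    $pointAndPrint = Join-Path $printers 'PointAndPrint'
    $uacKey        = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

    $spooler   = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    $noWarn    = Get-RegValue $pointAndPrint 'NoWarningNoElevationOnInstall'
    $enableLua = Get-RegValue $uacKey 'EnableLUA'
    # "Allow Print Spooler to accept client connections": 1 = enabled, 2 = disabled.
    $remoteRpc = Get-RegValue $printers 'RegisterSpoolerRemoteRpcEndPoint'
    # Win32_ComputerSystem.DomainRole: 4 = backup DC, 5 = primary DC.
    $role      = (Get-CimInstance -ClassName Win32_ComputerSystem).DomainRole

    # localspl.dll is the file the post says an official fix will replace;
    # recording its version and hash shows when an update has changed it.
    $dll = Join-Path $env:SystemRoot 'System32\localspl.dll'

    # Conditions listed in the post. Per the 7/5/2021 update, the MS-PAR vector
    # does not depend on them, so a running spooler is itself worth reviewing.
    $conditions = @()
    if ($role -ge 4)      { $conditions += 'Domain controller' }
    if ($enableLua -eq 0) { $conditions += 'UAC completely disabled (EnableLUA = 0)' }
    if ($noWarn -eq 1)    { $conditions += 'PointAndPrint NoWarningNoElevationOnInstall enabled' }
    if ($remoteRpc -ne 2) { $conditions += 'Inbound remote printing not disabled by policy' }

    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        SpoolerRunning   = ($null -ne $spooler) -and ($spooler.Status -eq 'Running')
        SpoolerStartType = if ($spooler) { $spooler.StartType } else { $null }
        DomainRole       = $role
        LocalsplVersion  = (Get-Item $dll).VersionInfo.FileVersion
        LocalsplSha256   = (Get-FileHash -Path $dll -Algorithm SHA256).Hash
        Conditions       = $conditions
    }
}

Get-PrintNightmareExposure | Format-List
```

The script changes nothing on the system; it only reports the Print Spooler state and the settings discussed above so they can be compared across machines.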



Q: How about Windows systems without June 2021 Windows Updates?

We believe that without June 2021 Windows Updates, all supported Windows systems, i.e., all servers from 2012 up and all Windows 10 systems, are affected [source].


Q: What will happen with these micropatches when Microsoft issues their own fix for PrintNightmare?

First off, we absolutely recommend you do install all available security updates from original vendors. When Microsoft fixes PrintNightmare, their update will almost certainly replace localspl.dll, where the vulnerability resides, and where our micropatches are getting applied. Applying the update will therefore modify the cryptographic hash of this file, and 0patch will stop applying our micropatches to it. You won’t have to do anything in 0patch (such as disabling a micropatch); this will all happen automatically by 0patch design.

When the official fix is available, our micropatches will stop being free, and will fall under the 0patch PRO license. This means that if you wish to continue using them (and many other micropatches that the PRO license includes), you will have to purchase the appropriate number of licenses.

Q: We have a lot of affected computers. How can we prepare for the next Windows 0day?

Obviously deploying 0patch in an enterprise production environment on a Friday afternoon is not something most organizations would find optimal. As with any enterprise software, we recommend testing 0patch with your existing software on a group of testing computers before deploying across your network. Please contact [email protected] for setting up a trial, and when the next 0day like this comes out, you’ll be ready to just flip a switch in 0patch Central and go home for the weekend.


We’d like to thank Will Dormann of CERT/CC for behind-the-scenes technical discussion that helped us understand the issue and decide on the best way to patch it.

Please revisit this blog post for updates or follow 0patch on Twitter.



Cloudstar to Sponsor & Exhibit at 2021 National Settlement Services Summit

Cloudstar is pleased to sponsor the 2021 National Settlement Services Summit (NS3). This year's conference will be held between August 31st – September 2nd, 2021 in beautiful Naples, Florida.

NS3 is the premier annual destination for all professionals involved in the real estate transaction to come together for unrivaled networking and education including:

  • Executives
  • Title agents
  • Underwriters
  • Attorneys
  • Settlement services providers
  • Real estate agents
  • Mortgage lenders
  • Compliance officers
  • Technology solution providers
  • Regulators
  • Sales and marketing managers
  • Operations officers

What is NS3?

NS3 brings together more than 700 professionals from across the country for an educational experience unlike any other. For three days a roster of expert speakers and noted industry veterans share their experience with their partners across the real estate transaction.

Attendees return year after year to earn CE/CLE credits, learn about the latest strategies to advance their businesses and to stay current on regulatory developments. NS3 2021 will continue to offer numerous networking events all included in the price of registration!

Cloudstar looks forward to meeting with many of our customers, colleagues, and industry friends; we wish everyone safe travels!


Cloudstar To Sponsor 2021 Texas Land Title Association Conference

Cloudstar, a proud member of the TLTA, is pleased to announce that we will be sponsoring and exhibiting at the 2021 Texas Land Title Association Annual Conference and Business Meeting. The conference will be held this year at the Kalahari Resort at Round Rock from August 9-11, 2021 with the following agenda:


Early Conference Registration
TAPS/KEGS Dinners (by invitation only)

Monday, August 9

Bert Massey Classic Golf Tournament and TLTAPAC Fundraiser (Offsite – Forest Creek Golf Club)
Sponsor Exhibits Open
Opening General and Educational Sessions
Opening Night Reception

Tuesday, August 10

Sponsor Exhibits Open
Terry Grantham Memorial TLTAPAC Breakfast and Annual Meeting
General Session and Business Meeting
Educational Sessions
Agent and Underwriter Meetings
President’s Evening and Live TLTAPAC Auction

Wednesday, August 11

Closing Session and Breakfast Benefiting TLTAPAC


If you would like to schedule time to meet with our team, please call us at 800-340-5780, or contact us by clicking HERE.

We look forward to meeting with our many Texas based customers, industry colleagues, and friends and wish everyone safe travels!


Cloudstar Providing Free Migrations Away From Microsoft Azure

Cloudstar is pleased to announce free cloud migrations for companies currently using Microsoft Azure Cloud services. The migration service is a response to feedback from Microsoft Azure customers, who have been growing increasingly dissatisfied with various aspects of the Microsoft Cloud, specifically unpredictable billing caused by automated resources on demand, and questionable performance during peak work hours due to Azure being a “public cloud”.

Under the new program, Cloudstar is willing to move current Microsoft Azure customers into a dedicated private cloud environment with unlimited resources and billed at a flat rate per user.  This model addresses two of the loudest concerns while ensuring customers are hosted in an environment with a smaller cyber-attack footprint.

The same program is also available for users of the popular Office 365 system, Microsoft’s hosted email platform. Microsoft O365, as it’s sometimes called, has grown in popularity due to its low-cost pricing and ease of use, but hackers have also taken notice, making it one of the most heavily targeted systems for hacking, email phishing, and business email compromise.

If you’re interested in your own private servers, with flat rate pricing, please contact Cloudstar at 800-340-5780 or contact us online by clicking HERE.


Cloudstar Launches Mortgage & Fintech Consulting Department


February 8th 2021 – Jacksonville FL.  Cloudstar is pleased to announce the launch of a new mortgage and fintech consulting department.  The department is bridging the gap between mortgage operations and technology delivering both management consulting and technology services to all aspects of the mortgage industry.

Services include process optimization, LOS support and selection, business intelligence, operational consulting, cyber-security, on-site and remote training, and regulatory compliance & advisory services along with custom RESTful API development with advanced systems integrations.

“Our goal is to service the entire industry,” said Gregory McDonald, CEO of Cloudstar, “which includes working with Wholesale & Retail lenders, in addition to brokers, to deliver solutions for Loan Origination, Distressed Asset Management, Default Tracking and REO Properties. And because of our already large industry presence in banking and land title, we are uniquely positioned to provide additional insight and value.”

About Cloudstar

Cloudstar is an emerging leader in financial services technology, with a focus on mortgage origination, title insurance, real estate, consumer banking, law, risk & compliance, consulting and outsourcing solutions. Through the breadth of our solutions portfolio, and our subsidiary companies MortgagePhish, Cloud Bunny & Teletonix Communications, Cloudstar delivers a wide variety of solutions to thousands of customers located throughout the United States and emerging global markets.

Core services include colocation, public & private cloud, containerization, virtualization, cyber security, SIEM, IT resiliency, telecommunications, application integration, industry specific business development and workflow consulting.

Cloudstar continually strives to make customer service our number one focus being mindful that our success depends on the success of our customers. We take information security very seriously, never losing sight of our obligations to protect and secure the confidential assets of our clients and their customers.


Note: If you would like to learn more, please visit our mortgage & fintech consulting page which can be viewed HERE


Phishing: These are the most common techniques used to attack your PC

Microsoft Office macros, PowerShell and more are still proving to be popular with cyber criminals distributing attacks via phishing emails, warn researchers after analyzing billions of attacks.

Creating malicious Office macros is still the most common attack technique deployed by cyber criminals looking to compromise PCs after they’ve tricked victims into opening phishing emails.

Phishing emails are the first stage in the attack for the majority of cyber intrusions, with cyber criminals using psychological tricks to convince potential victims to open and interact with malicious messages.

These can include creating emails that claim to come from well-known brands, fake invoices, or even messages that claim to come from your boss.

There are a number of methods that cyber criminals can exploit in order to use phishing emails to gain the access they require and, according to researchers at cybersecurity company Proofpoint, Office macros are the most common means of achieving this.

Macros are a function of Microsoft Office that allow users to enable automated commands to help run tasks. However, the feature is also abused by cyber criminals. As macros are often enabled by default to run commands, these can be used to execute malicious code – and thus provide cyber criminals with a sneaky way to gain control of a PC.

Many of these campaigns will use social engineering to encourage the victim to enable macros by claiming the functionality is needed in order to view a Microsoft Word or Microsoft Excel attachment. It’s proving a successful method of attack for cyber criminals, with Office macros accounting for almost one in 10 attacks by volume.

But Office macros are far from the only attack technique that cyber criminals are commonly adopting in order to make hacking campaigns as successful as possible.

Sandbox evasion is the second most common attack technique used by criminals distributing phishing emails.

This is when the developers of malware build in threat detection that stops the malware from running – effectively hiding it – if there’s a suspicion that the malware is running on a virtual machine or sinkhole set up by security researchers. The aim is to stop analysts from being able to examine the attack – and, therefore, being able to protect other systems against it.

PowerShell is also still regularly abused by attackers as a means of gaining access to networks after getting an initial foothold following a phishing email. Unlike attacks involving macros, these often rely on sending the victim to click a link with code to execute PowerShell. The attacks are often difficult to detect because they’re using a legitimate Windows function, which is why PowerShell remains popular with attackers.

Other common attack techniques used to make phishing emails more successful include redirecting users to websites laced with malicious HTML code that will drop malware onto the victim’s PC when they visit, while attackers are also known to simply hijack email threads, exploiting how victims will trust a known contact and abusing that trust for malicious purposes, such as sending malware or requesting login credentials.

The data on the most common attack techniques has been drawn from campaigns targeting Proofpoint customers and the analysis of billions of emails.

Train users to spot and report malicious email. Regular training and simulated attacks can stop many attacks and help identify people who are especially vulnerable.

Stop phishing today: Learn more at – a Cloudstar company.


Cloudstar Adds Additional Encrypted Storage Capacity

Cloudstar is pleased to announce additional dedicated EMC, All Flash, Unity Private Cloud Storage. This capacity increase will provide additional self-encrypting storage for our financial services and health care clients who are in need of meeting certain applicable regulatory compliance requirements such as HIPAA.

The demand has never been higher. With data security concerns at an all-time high, it is no surprise companies continue to place a premium on ensuring sensitive data is protected from unauthorized access. Whether it is due to internal policies or external compliance, securing data continues to be a high priority for organizations of all sizes. The additional EMC storage systems acquired by Cloudstar address these concerns through controller-based Data at Rest Encryption (D@RE), which encrypts stored data as it is written to disk. This provides yet another layer to protect against unauthorized access by rendering the drive unreadable without the encryption key. In addition to peace of mind, D@RE offers additional benefits including regulatory compliance, secure decommissioning, and the possibility to eliminate the need for physical drive shredding.

Customers have the option of purchasing storage allocations on dedicated EMC Unity hardware, or shared hardware available in a wide variety of configurations, and drive array options.

Contact your Cloudstar sales representative for more information.


The State of Phishing in 2021

In 2020 phishing exploded as the world faced a 100-year pandemic and many people moved to remote working and learning, which changed the phishing threat landscape forever. Our recent report, The State of Phishing, SlashNext Threat Labs, reports on the latest statistics and trends in phishing. In the last 12 months, cybercriminals launched thousands of new phishing pages every hour to harvest personal information, steal corporate data, and commit credit card fraud with no sign of slowing down. Phishing increased 42% in 2020, over 2019. By mid-2020, SlashNext Threat Labs saw the number of daily phishing threats top 25,000 a day, a 30% increase over 2019 figures. By fall, the number had grown to 35,000/day and grew to 50,000/day by December and continues to rise in 2021.


The change in the phishing threat landscape is attributed to the increased use by cybercriminals of automation and AI. The low cost of computing and the availability of behavioral information from the public and the dark web make targeting effective by simulating trusted sources and launching attacks through new communication channels. These sophisticated tools offer cost-efficient and easy ways to run short-lived but highly effective phishing campaigns. By leveraging legitimate infrastructure, cyber criminals increase the likelihood of compromising a target and increase their success.

One example of the latest spear-phishing attacks on legitimate infrastructure found by SlashNext Threat Labs in late January 2021 was a 2FA attack. The spoofed Chase Bank 2FA authentication page was hosted on legitimate infrastructure on, a web hosting offering for small businesses with additional business services.

We are now seeing more phishing attempts that can bypass two-factor authentication (2FA) or multi-factor authentication. Many with Two Factor Authentication (2FA) believe they’re protected because the birth of 2FA grew from knowing that current security defense solutions were no longer working. Rogue browser extensions can deliver these types of attacks by using Man-in-the-Middle tactics. These browser extensions offer cybercriminals the perfect workaround for organizations that rely heavily on 2FA. By design, once a browser extension is installed, it can access the browser’s complete canvas. Once logged in, the session is hijacked to capture whatever is on the computer screen. These extensions have the full power to do whatever the user is doing and seeing whatever is happening within that browser window.


