(866) 251-4459 support@compnetsys.com
Billions of Computer Devices Won’t Get Intel’s Spectre Fix

Billions of Computer Devices Won’t Get Intel’s Spectre Fix

17 Product Groups Named-Their Production Halted and Update Support Ended After Irrefutable Evidence Uncovered Flaw in Intel Chips.

The information about the Spectre attacks came to light back in January 2018. Intel and other technology firms and vendors were made aware of research findings by Paul Kocher from Spectreattack.com and Jann Horn from Google Project Zero.
Paul’s collaboration team regarding the chip flaw and the notorious Spectre Attacks were:

Daniel Genkin (the University of Pennsylvania and University of Maryland)
Mike Hamburg (Rambus)
Moritz Lipp (Graz University of Technology)
Yuval Yarom (University of Adelaide and Data61)

The research findings from Paul Kocher’s team and Jann Horn supported what the U.S. Department of Commerce’s agency, NIST (National Institute of Standards and Technology) found. At NIST’s, National Vulnerability Database website is the research published on January 4, 2018.
Take note of these excerpts, the indirect branch prediction and branch prediction in both announcements:
CVE-2017-5715
Current Description: “Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.”
CVE-2017-5753
Current Description: “Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.”
After the findings arrived, on January 3, 2018, Intel responds to Paul and Jann’s security research findings with this disbelieving statement: “Intel believes these exploits do not have the potential to corrupt, modify or delete data.”
With the proof in front of them, Intel believed the research reports were flawed and incorrect. The idea of these acts caused by a “bug”, or a “flaw” was not possible. Their explanation was, “there are many types of computing devices, using different vendor’s operating systems and processors. All are at risk of being exploited.”
But Paul’s team exploited speculative execution and had solid proof.
They experimented on multiple x86 processor architectures. They used the Intel Ivy Bridge (i7-3630QM). The Intel Haswell (i7-4650U). The Intel Skylake (unspecified Xeon on Google Cloud) and finally an AMD Ryzen processor.
In every test, the team observed the Spectre vulnerability across all of these CPUs. Similar results on both 32- and 64-bit modes, and both Linux and Windows. Some ARM processors also support speculative execution, and the initial testing confirmed, ARM processors could not pass the test.
When they attacked using native code, they were able to read the entire victim’s memory address space, including the secrets stored within it, with ease.
When they attacked using Java code, they successfully read data from the address space of the browser process running it, with zero effort.
The research evidence was irrefutable.
Their results showed there was a flaw in Intel chips.
A day later, January 4, 2018, Intel issues updates to protect systems from security exploits. They released this statement: “Intel has developed and is rapidly issuing updates for all types of Intel-based computer systems — including personal computers and servers — that render those systems immune from both exploits (referred to as “Spectre” and “Meltdown”) reported by Google Project Zero.”
Three months later on April 2, 2018, Intel’s Microcode Revision Guidance is released and what’s inside exposed the truth. In this 19-page pdf document, you will find 17 product groups listed, (color-coded in red), productions halted, and update support has ended.
Looking through the guide, you will find the columns listed by Product Names, Public Name, CPUID, Platform ID, Production Status, Pre-Mitigation Production MCU, STOP deploying these MCU revs, and New Production MCU Rev.
The pages with the discontinued products are below:

Page 4: Bloomfield and Bloomfield Xeon
Page 7: Clarksfield
Page 8: Gulftown and Harpertown Xeon CO & EO
Page 11: Jasper Forest
Page 12: Penryn/QC
Page 15: SoFIA 3GR
Page 16: Wolfdale CO, MO, EO & RO, Wolfdale Xeon CO & EO
Page 17: Yorkfield & Yorkfield Xeon

When you review the columns, you will see one labeled STOP deploying these MCU revs. Intel’s definition for this column is as follows:

Intel recommends discontinuing using these select versions of MCU that were previously released with mitigations for Variant 2 (Spectre) due to system stability issues.

Intel also states in their Microcode Revision Guidance Legend:

“After a comprehensive investigation of the microarchitectures and microcode capabilities for these products, Intel has determined to not release”
“Microcode updates for these products for one or more reasons including, but not limited to the following:”
“Micro-architectural characteristics that preclude a practical implementation of features mitigating Variant 2 (CVE-2017-5715)”
“Limited Commercially Available System Software support.”
“Based on customer inputs, most of these products are implemented as “closed systems” and therefore are expected to have a lower likelihood of exposure to these vulnerabilities.”

As you can see, Intel’s exhaustive investigation could not discredit Paul, Jann and NIST’s research and proof. Intel decided, due to microarchitectures and microcode capabilities, for the specific products listed, not to move forward and release microcode updates for these products.
If you own a PC, Mac, or Cell phone, a Spectre attack can affect your device. If you use Cloud Services, your provider’s infrastructure may be vulnerable to a Spectre attack and theft of customer’s data. If your device uses any of Intel’s older microprocessors, you may be shopping around for a new machine.

Is Facebook Spying for the Government?

Is Facebook Spying for the Government?

Social media is big business and has the potential to drive millions of visitors to websites, engage directly with customers on a public platform, and solve – or create – problems in real time. What is the future of “social business”?

Twenty years ago, marketing and promotions were simple and straightforward. The majority of efforts were focused on print: newspaper and magazine advertising, The Yellow Pages, direct mail, billboards, and perhaps flyers. Email marketing was in its infancy, and digital marketing wasn’t quite yet an industry – though there are firms that argue this time frame. Metrics were relatively predictable, and results were in the form of sales and revenue.

Yes, The Yellow Pages telephone directories still offer printed books. Publishers of “phone books”, as they’re often referred to, reduced paper usage by half before 2013, and major efforts are in place to ensure unused or outdated materials are recycled.

This is not the case today! There are so many facets to “digital marketing” that it’s safe to say the industry is constantly evolving. Yes, constantly. The rules change just as often, and the de facto rule-maker is Google. Google has the famous “Google algorithm”, by which all search parameters are defined. If a business or brand doesn’t meet Google’s search preferences, they’ve wasted their time and won’t make the first page of a user’s search results – and when was the last time you clicked past the first page of results in an average Google search?
There are ads within emails and ads on websites, and even “sponsored results” in an Internet search. Consumers have ads coming at them from every angle of the Internet, so why would social media – including the King of Social Media, Facebook – be any different? It’s not. In fact, a Facebook user is valued even more highly than a search user. The Facebook user is already engaged with a website, and it’s one where the content that loads is customized and personalized for each user. Google tries to do this with search results, but there’s only so much Google can do with a string of words and no context. Both Google and Facebook have the user’s history of cookies, but Facebook has the incredibly valuable position of knowing a user’s friends, families, what content a user likes – literally “likes” by clicking the blue-and-white thumbs-up symbol – and what news stories, photos, and content a user clicks on and engages with. In this context, Google’s metric is the click in terms of the value of a visitor, whereas Facebook’s value of a click is a highly-engaged user already on the website and opting to give more of their time and attention. The ultimate competition comes down to the value of a visitor versus the value of a click.
After evolving from a social platform into a platform that can be highly monetized, Facebook turned the digital marketing industry upside down with the newly-invented notion of advertising right in front of Facebook users. Any organization or brand that has ever paid for advertising on Facebook is used to Facebook changing things up by now – after all, Facebook changes their approach on a regular basis. After seizing the lead and maintaining this very profitable position for years – and years – the brain trust recently announced a bold decision to simplify their overall approach – after long being the primary innovator in social media and marketing and carving the path which others follow today.
Facebook Advertisers Are Users, Too
Facebook users fondly recall a time when privacy settings at the user level resembled a “stealth” mode when users had the ability to set their account information, including their names and other details, as completely private and would not show in other Facebook user searches. The added bonus was the implied guarantee that photos, posts, and other user content had this same level of protection. Sometime around 2009, Facebook implemented a pretty major privacy settings overhaul and many users who long enjoyed stealth status were suddenly thrust into the spotlight – and was no longer “invisible”. In all fairness, Facebook gave plenty of advance notice this change was coming. Their public reason was that Facebook is a social media platform, not a private website where a user could have total control – and this is a fair position. Facebook is a free website for users, but it’s not a nonprofit organization. Ever evolving, their approach has tweaked and allowed users to choose various privacy settings for posts, images, etc., which are highly customizable if the user chooses to take the time.
In 2017, Facebook recognized a growing dissatisfaction from its users and tried to pinpoint the cause. After much speculation, Facebook realized the greatest impact to the user experience is the allowance of brands to intermingle with users in their feeds, detracting from the social purpose of the channel. Thus, more major changes were in store. Facebook announced a desire to go “back to basics” and return the focus of a user’s feed to posts shared by friends and family members and make it harder for brands to get their content seen (unless advertisers were willing to pay). The result was that post reach – the number of people that see a post in their feed – plummeted. The plan was for average Facebook users to see fewer news stories, cat videos, political posts, or branded content, but rather see more photos shared by friends of birthday parties, graduations, and other significant events entirely unrelated to corporate messaging.
Privacy, Redefined
The change to the Facebook feed was a welcome change to users and required a major adjustment to social media marketing efforts for companies. Details of how the changes rolled out and the reasons for these changes trickled into news stories until major news broke that Facebook sold private user information on more than 87 million Facebook accounts to an organization involved in the political arena in 2016. Users worldwide felt violated that a trusted entity would share such private details – a harsh reminder that Facebook is a for-profit entity and users need to read the “fine print” and not just agree to Terms and Conditions without reading. Your digital life is not your own when using a website owned by someone other than yourself.
So, what can Facebook users do to protect themselves? Without deleting your Facebook account, it’s wise to do a once-over on user privacy settings every few months to verify what might have changed and safeguard your information.

Check your privacy settings
Facebook offers a variety of user settings allowing for a spectrum of privacy, though most remain a mystery to users. Under “Settings”, click “Privacy” and control how visible information like posts, account information like phone numbers and email addresses, and friend requests and more are.
Keep friends close
Friends’ activity can impact others. If a user allows tagging in a friend’s activity, this is then affected by their privacy settings and is subject to sharing or visibility by others.
Beware third-party apps
At first, it seemed benign to click “accept” when a third-party app or quiz intrigued a user enough to click content, with the innocent warning that the app would thus be granted access to a user’s profile and list of friends. That list of friends became an incredibly valuable commodity in an environment where privacy settings were controlled by a user – a tricky little workaround.
Users can adjust these settings quickly and easily but often didn’t go back to limit access.
Review security alerts
Users can opt for security alerts when Facebook detects a new login from a different device or browser. Two-factor authentication is also an option. To enable, access the same “Settings” menu, and click “Security and Login” from the left navigation and choose “Setting Up Extra Security”.

Security considerations impact all Facebook users, regardless if a user is also an advertiser. Before abandoning Facebook entirely, employ additional efforts to protect user data and your privacy. This type of “social security” has nothing to do with the government-issued card Americans carry, and a few additional steps will help secure user information and improve the Facebook user experience.

8 Intruder-Hating Tips For Home Office Security

8 Intruder-Hating Tips For Home Office Security

Your Devices Are A Target For Online Prowlers. At Your Peril Do Not Ignore!

Be Aware of Your Surroundings – Takes On a Whole New Meaning
When you were a child, your mom or dad reminded you, be aware of your surroundings. They wanted you to avoid getting hurt by a stranger. This sound advice also rings true when using your company’s computer, tablet or cell phone devices at any public Wi-Fi hotspot. Anytime you log onto a non-encrypted hotspot, you increase your device’s vulnerability to data hacking. Also, if you chose not to log on through a work-based VPN connection, you invite easy access to your company’s device. If you travel for business, you practice keeping your devices safe, especially in airports and train stations. But if you can avoid doing sensitive work at public hotspots, you’ve reduced your vulnerability and increased your awareness of your online surroundings.
 Company Security Policies Are For Your Protection
Let’s say you work from home. Or maybe you travel and work remotely. Once you leave the company’s secure environment, your vulnerability increases. The organization is entrusting; you won’t expose them to unwanted malware and a hostile environment they have no control over. It’s for this reason; your company institutes a mandatory security policy. The terms of the policy state when any staff member, works away from the office, they must use the company’s devices. Should your device be compromised, your IT Security department can contain the risk immediately. But using a non-issued device, a friend or spouse has, you’ve exposed your company to a possible cyber-attack. You’ve also left the IT Security team to pick up the pieces which could have prevented. No need to stick your neck out. Follow your company’s security policies and reduce your risk and exposure.
Not Some, But All Systems and Applications Must Stay Up To Date
We know. You hate being reminded. Security managers are updated zealots. But their sage advice is the simplest and easiest step a home office user has at their disposal. When running your updates, remember you are updating your operating system, all applications, and Microsoft Office. The updates are not just for the latest versions. Updates are for your stronger security-related measures. When your computer reminds you to update your system, take those extra minutes and update. Finally, don’t forget your once a week security scans and your once-a-month full system scan. You might be surprised what your system digs up.
You Can Trust Me – I Am Your Network, or Are You?
Let’s say a security application, you’ve never seen, pops-up and prompts you to do a security scan, would you click it on? We hope you’d say no and here’s why. Some applications appear harmless and legitimate, almost friendly and helpful. But underneath they are programmed for sinister activity and why you must stay vigilant and know in advance if an unfamiliar network should be trusted. Granted you will be suspicious of public Wi-Fi hotspots, but at home, that same caution must continue. Downloading an app, your IT Support hasn’t cleared, puts you at great risk. If you’re not sure you logged into the correct network, stop and contact your IT Security Support department right away.
Remove The Cache Sludge From Your Computer
Have you noticed lately, your computer or browser are taking just a little longer to boot-up or respond these days? With virus updates, software patches, surfing the web, emailing, and working from your home computer, you will build up digital muck. For starters, your cache is your catch-all. It doesn’t matter what it is; something is going to drain down into your cache. And it keeps a record of it. So, if you want smooth sailing internet browsing and peak performance, clean out your cache. Why horde piles of digital yuck, for months, in your cache, where malware has been known to hide out? Once you clean out your cache and reload your browser, it rewards you with the updated version of the website you’re visiting. Also, if the site owners keep their security up-to-date, your visit is secure.
These Cookies Are Not Your Friends Nor Are They Tasty
According to Webopedia, “a cookie will contain a string of text that contains information about your browser. To work a cookie does not need to know where you are from; it only needs to remember your browser.” Some Websites use cookies to store more personal information, about you, and you may not know it. You must find out who has data about you. With bad press surrounding social media sites, it’s becoming more important to check your browser for cookies and delete them selectively or delete them entirely.
Still Using Passwords – Multi-Factor Authentication Gives You New Security Powers
In the early years, you were trained how to use passwords to protect your sensitive material. Something easy to remember. But with progress came security breaches. Easy passwords were out. Next password level was using numbers and symbols in the place of vowels in your password. Now passwords are out, and passphrases are in. Here’s how it works. No confusing password with symbols or numbers to remember. What you create is a phrase you will easily picture in your mind, like the address at your best friend’s house. Instead of a password like this: #152@Bobs, you create a passphrase like this: AddressAtBobsPlace. Now you have an easier way to remember and beefed-up security powers to protect your sensitive information.
Will Your Router Pass A Security Examination?
Finally, are you still using the original router password that came in the box? Does anyone else have access to that password? In some home offices, passwords get shared with family and close friends. If you do not remember the last time you changed the router’s password, or who has access to it, the time to replace the password is now. But if that same router has reached 24 months, ask your provider to swap it out and get a new dual-band router. With newer routers come five enhancements. They are faster to respond, data transmission is reliable, the latest security firmware is updated, comes with a warranty, and you receive a new password.
For more Intruder Hating Home Office Security Tips gives Network Essentials a call at {phone} or email us {email} to speak to one of our Home Office Security Specialists

Achieve New Heights With Microsoft In 2018

Achieve New Heights With Microsoft In 2018

From humble beginnings in a garage as the brainchild of two men to an asset valuation of nearly $250 billion in 2018, Microsoft is no stranger to breaking records.

Do you think Paul Allen and Bill Gates knew what lie ahead in 1975? Nope. Couldn’t have.
In those days, developing a BASIC interpreter for the Altair 8800 seemed impossible – because no one else had done it, including Allen and Gates, yet they promised the finished product and were able to deliver in two months. Between 1975 and now, the Microsoft Windows product is a professional mainstay and continues to dominate the desktop computing market. Add to this their Microsoft Surface product line-up, and between the desktop or laptop PC or the operating system it’s running, Microsoft is The Man. And we didn’t even get to the Microsoft Office line-up yet.
Between Microsoft Office, for which organizations purchased physical software plus per-seat licenses for users roughly a decade ago, and today’s Office 365, accessible online from anywhere, Microsoft caters to the modern professional. The Office Suite has expanded in recent years, beyond Word, Excel, and PowerPoint, to include a variety of productivity apps, including OneNote, Microsoft Teams – formerly Skype for Business – for a collaborative platform, and Outlook. All Microsoft applications offer seamless integration with other Microsoft apps, as well as a variety of external apps to blend the user experience with the goal of simplifying processes to increase efficiency and productivity – therefore, revenue.
Whether it’s standalone apps or the subscription-based Office 365, Microsoft products are the staples at every professional workplace in first-world countries today. Microsoft’s SharePoint and OneDrive, and their super-seamless integration with a multitude of productivity apps, simplify communication and connectivity in the professional world. From creating documents and spreadsheets to storing and sharing with colleagues, Microsoft has you covered.
Microsoft doesn’t like to just do something first – the team behind Microsoft Teams wants to do something first and best. Case in point, Microsoft is the first global cloud provider to receive the Certification for Protected data in Australia – a great achievement. The underlying significance of this is all levels of government and critical national infrastructure in Australia will be able to accelerate and increase use of secure cloud computing and storage. By comparison, Amazon began expanding its Amazon Web Services cloud-based storage solutions in the same area in 2012, but Microsoft is still first to be awarded this certification.
Remember when we mentioned subscription-based Office 365? Microsoft Azure and Office 365 are also getting accolades: both can now boast of Protected Certification by the Australian Signals Directorate (ASD), as well as inclusion in the Certified Cloud Services List (CCSL). Microsoft has been working in direct partnership with the Australian government toward this major milestone for a few years, and this achievement grants the opportunity for immense digital transformation in the public sector in both New Zealand and Australia.
Both Certification statuses are timed well with Microsoft’s announcement on the availability of Azure Australia Central. Two new highly-secure Microsoft Azure cloud regions are located in Australia-owned facilities, designed to facilitate mission-critical operations and demands for critical elements of national infrastructure. The Australian government has established clear intentions with these Certifications and announcements, to expand the adoption of cloud solutions. The public display of confidence in Azure and Office 365 offers a high level of assurance in both Microsoft and cloud optimization.
Australia released a formal strategy recently to demonstrate the cloud’s economical digital storage solutions, offering an ideal opportunity to shift reliance to a faster and reusable environment. Cloud-based storage solutions are free from limitations and constraints imposed by on-site options, with the added bonus of being customizable and convenient.
Microsoft invested in Australia with these data centers, and demonstrate a commitment to the public sector as well as the high degree of trust other organizations can have in Microsoft as a cloud service provider.
The cloud is nothing new, and the appetite for cloud-based solutions is growing in every corner of the globe. Microsoft isn’t the only global cloud solution provider, but this move signals a level of trust that few other brands can boast – or deliver upon. Every day, news of “the cloud” reaches journalistic outposts – Time, CNN, MSNBC, you get the idea. Dozens of entities have filled the channel, claiming to offer the same level of service and security that industry leaders, like Microsoft, can – but, in reality, few do. Why? It’s likely a combination of factors: expertise, financial fortitude and flexibility, all upon which a solid reputation is built.

Key players in the Infrastructure as a Service (IaaS) industry deliver infrastructure services on an outsourced basis to enterprise operations, providing hardware and storage solutions, servers and data center space These components each feature the benefits Australia focused on in their selection of Microsoft as their IaaS provider: security, scalability, reliability, economy, and expertise.

Is security the most critical component of the cloud? Many would argue that each benefit is nearly equal, but security and reliability are the two with the greatest impact and should, therefore, have the greatest focus when choosing a cloud solutions service provider. It’s easy to see why Australia went with the industry giant.
What’s next? Will other national governments follow Australia’s lead? Cloud is clearly the direction to take for trusted resources in data storage, with Microsoft being the lead innovator. Cloud is highly scalable, flexible, and reliable, and the future of data storage!

Want To “WOW” Your Boss With Professional Diagrams And Flowcharts?

Want To “WOW” Your Boss With Professional Diagrams And Flowcharts?

I Have Some Tips For You.

I often get asked by my boss to take the data she accumulates and put it into easy-to-read diagrams and charts. I was using Excel until just recently, which is great, but I needed something with more functionality and design choices. Then I found Microsoft Visio. I think it’s one of the best options available today to create diagrams and flowcharts. I have access to so many great templates and shapes that give my work the professional look my boss requires.
I really didn’t know much about Visio until a colleague told me about it. And when I gave it a try, I was sold. Now my diagrams can be as simple or complicated as I want. Visio provides all the tools and functions I need and comes with a wide variety of built-in shapes, stencils, and objects. I can even create my own shapes and import them if I want.
Have you heard about Visio Online? Microsoft Visio 2016 Viewer lets you view Visio drawings inside your Microsoft Internet Explorer Web browser. It’s a web-based version of Visio. So, when I’m away from the office I can still use it to design, create, edit and share diagrams and flowcharts online. I just upload my Visio diagrams and flowcharts to either SharePoint or OneDrive for Business and edit them in my browser.
Now I can collaborate with my team to streamline projects and work with them on diagrams right from my web browser. And I don’t have to worry about security. The only people who have access to my charts are the ones I authorize. I can even review their comments and add my own directly from my browser. And here’s another plus!—I can store all my diagrams in our OneDrive cloud storage that has 2GB of space.
What my team and I like best about MS Visio is that it’s so easy to use. It’s simple to create top-notch diagrams with commonly-used diagram types and rich shape sets. It’s easy to collaborate with team members and stakeholders, view and add comments, and share the diagram with others. We can pull external information into Vision such as an Excel sheet, or Access database. Now when my boss sends tons of data to me, I pull up my Visio, Excel or Access and design fantastic diagrams in just an hour or so. (She thinks I work all weekend to get this done!)
In case you didn’t know, Visio 2016 was released in September 2015 along with Microsoft Office 2016. It has dozens of templates you can use for a multitude of industries and verticals.
A few new features were added such the ability to connect to Excel data, information rights management for your Visio files, modern and detailed shapes for site plans and floor plans, IEEE-compliant electrical diagrams and home plans (architects, contractors, engineers, and designers will like these), and even 3D map diagrams. Plus, it comes with a bunch of new starter diagrams, themes, and built-in shapes–Hundreds of them! All these shapes are categorized, so they’re easy to find and choose from.
Want to know some really helpful Visio tips? I’ll share them with you here. I now consider myself a Visio expert, and I know there are a lot of beginners out there who might appreciate them.
Text Editing
Sometimes you need to edit text when you’re putting everything together, and not all applications let you do this. However, it’s easy to do in Microsoft Visio: Just click on the shape next to your text and press the F2 button. That’s it. Now you can edit as you wish–Simple! When you’re finished just press “Esc” to get out of the text-edit mode.
Shortcuts

F1 -for Help
Tab key to switch between shapes
Crtl+1– for the “selector” cursor
Ctrl+2 – for the text tool
Crtl+3– for connector lines
Alt for the main toolbar.
F3 for the Format Shape task pane
Crtl+PageUpor PageDown to move between sheets
Ctrl+ scroll up or down with the mouse to zoom in and out
Ctrl+click on and drag an object to copy and paste it in another place.  

Draw Shapes
The Drawing Tool is next to the Pointer Tool on the Ribbon. Click on the arrow and select a shape from the drop-down menu. Then you can start drawing your shape. Try combining shapes with the Pencil Tool to make more complex or intricate shapes. You’ll be an expert before you know it.
Save Shapes
If you want to save a shape that you made, Visio lets you do this. Look on the left of the toolbar for “More Shapes” > “New Stencil” and drag and drop your shape into the blank space. Then right-click it and choose “Save As.” Now, just rename the shape and save it.
Add Files
With Visio, you can copy anything from other Microsoft Office apps and paste it into your diagram or flowchart. So, if you have an Excel table or diagram, just copy and paste it right into your Visio diagram or flowchart. This saves you from having to redraw it. You can now proceed with Visio’s editing tools.
Create Flow Charts Quickly in Visio Online.

Choose the Basic Flowchart diagram.
Choose a shape from the Shapes Panel and drag/drop it into your canvas.
Hold your pointer over the shape until you see the Auto-connect arrows.
Move the pointer to one of the Auto-connect arrows. You should see Quick Shapes where you can choose the shape you want to add.
If you want to add some text, double-click the shape.
You can add more shapes by dragging and dropping them from the Quick Shapes list.
Use the smart guides to align your shapes the way you want.

Before long, you’ll be an expert in Microsoft Visio. I hope this helps, and you get the kudos from your boss that I did from mine!