What to Do Now to Address Microsoft Vulnerabilities

On August 13, Microsoft released information regarding patches that will impact virtually every modern version of Windows. This alert, Patch New Wormable Vulnerabilities in Remote Desktop Services, outlines “a set of fixes for Remote Desktop Services that include two critical Remote Code Execution (RCE) vulnerabilities.” As Microsoft points out, these vulnerabilities raise significant red flags because they are “wormable,” which means that malware exploiting them can spread from one vulnerable machine to the next across a network automatically, without any user interaction.

The affected versions of Windows are Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, and all supported versions of Windows 10, including server versions.

This headline-generating alert from Microsoft should be of immediate concern to any organization using Windows products. As we have learned from past vulnerabilities, including the BlueKeep issue earlier this year, these new vulnerabilities (CVE-2019-1181 and CVE-2019-1182) should be acknowledged and protected against immediately, as the impact of an attack can be massive and could strike at any time.

Asset Management/Vulnerability Management

This new concern, coming so quickly on the heels of BlueKeep, also serves as a reminder to all organizations on the importance of asset and vulnerability management. Asset management is foundational to a robust security program as it’s very difficult to secure assets when they are not properly identified and tracked. A robust asset inventory should capture asset name, network address, owner, operating system, data classification, and would ideally tie into a software inventory of the system. This will enable fast identification of affected systems.

A mature vulnerability management program will enable an organization to scan and triage affected systems. This will allow teams to focus patching efforts on areas with the most risk, such as internet-facing systems. Additionally, identifying systems that cannot be patched due to operational concerns will allow security teams to implement secondary security measures to prevent compromise.
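The two paragraphs above describe an inventory with the recommended fields and a triage that prioritises internet-facing systems and flags the ones that cannot be patched. As an added example (not from the post or from Protiviti), the following Python script applies that triage to a small inventory using the affected-version list given earlier in the post. The inventory rows, the `internet_facing` and `can_patch` flags, and the column names are constructed for this illustration; treating Windows Server 2016 and 2019 as the "server versions" of Windows 10 is an assumption of the example.

```python
"""Triage an asset inventory against the affected Windows versions listed in
the post (CVE-2019-1181 / CVE-2019-1182).

Added example: the inventory rows, column names and the internet_facing /
can_patch flags are constructed for this illustration, not taken from the post.
"""
import csv
import io
from dataclasses import dataclass

# Affected versions as listed in the post. Windows Server 2016 and 2019 are
# included here to cover "all supported versions of Windows 10, including
# server versions"; that mapping is an assumption of this example.
AFFECTED_PREFIXES = (
    "Windows 7 SP1",
    "Windows Server 2008 R2 SP1",
    "Windows Server 2012",  # also matches "Windows Server 2012 R2"
    "Windows 8.1",
    "Windows 10",
    "Windows Server 2016",
    "Windows Server 2019",
)

# Constructed sample inventory with the fields the post recommends, plus two
# operational flags used for triage (constructed values).
INVENTORY_CSV = """\
asset_name,network_address,owner,operating_system,data_classification,internet_facing,can_patch
rdp-gw-01,203.0.113.10,infra-team,Windows Server 2012 R2,confidential,yes,yes
hr-db-01,10.0.5.20,hr-apps,Windows Server 2008 R2 SP1,restricted,no,no
ws-0042,10.0.9.42,alice,Windows 10 1809,internal,no,yes
build-01,10.0.3.7,devops,Ubuntu 18.04,internal,no,yes
kiosk-07,10.0.12.7,facilities,Windows 7 SP1,public,no,no
web-02,203.0.113.22,web-team,Windows Server 2019,confidential,yes,yes
"""


@dataclass
class Asset:
    name: str
    address: str
    owner: str
    operating_system: str
    classification: str
    internet_facing: bool
    can_patch: bool


def is_affected(os_name: str) -> bool:
    """True if the OS string starts with one of the affected version names."""
    normalised = " ".join(os_name.split()).lower()
    return any(normalised.startswith(p.lower()) for p in AFFECTED_PREFIXES)


def load_inventory(text: str) -> list[Asset]:
    """Parse the CSV inventory into Asset records (yes/no flags -> bool)."""
    reader = csv.DictReader(io.StringIO(text))
    return [
        Asset(
            name=row["asset_name"],
            address=row["network_address"],
            owner=row["owner"],
            operating_system=row["operating_system"],
            classification=row["data_classification"],
            internet_facing=row["internet_facing"].strip().lower() == "yes",
            can_patch=row["can_patch"].strip().lower() == "yes",
        )
        for row in reader
    ]


def triage(assets: list[Asset]) -> dict[str, list[str]]:
    """Bucket affected assets the way the post suggests:
    - patch_first: affected, patchable and internet-facing (highest risk)
    - patch_next: affected and patchable, internal only
    - compensating_controls: affected but cannot be patched, so secondary
      measures are needed to prevent compromise
    Input order is preserved within each bucket.
    """
    buckets: dict[str, list[str]] = {
        "patch_first": [],
        "patch_next": [],
        "compensating_controls": [],
    }
    for asset in assets:
        if not is_affected(asset.operating_system):
            continue
        if not asset.can_patch:
            buckets["compensating_controls"].append(asset.name)
        elif asset.internet_facing:
            buckets["patch_first"].append(asset.name)
        else:
            buckets["patch_next"].append(asset.name)
    return buckets


if __name__ == "__main__":
    for bucket, names in triage(load_inventory(INVENTORY_CSV)).items():
        print(f"{bucket}: {', '.join(names) or '-'}")
```

The prefix match is deliberately loose so that build-specific strings such as "Windows 10 1809" still match; a real inventory would normalise OS names at collection time. The `compensating_controls` bucket is the list the security team needs from IT for the "systems that cannot be patched" discussion in the next section.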

It is impossible to predict when this identified weakness will be weaponized, but this often happens within days to weeks of a vulnerability becoming public. Without the aforementioned security practices in place, companies place themselves at much greater risk of compromise.

Patch Management and Timely Patching

Organizations with robust patch management programs already in place, and who practice timely patching, consider this week’s Microsoft announcement to be old news. As soon as the notification was published, their IT and infrastructure teams should already have identified affected systems and begun defining requirements for patching. They would be notifying security teams of systems that could not be patched, and working with them to find creative means of implementing secondary security controls.

Over 90 issues were covered in this week’s announcement, so while the two most potentially damaging are capturing the media’s attention, a robust patch management program will already be tracking and addressing all concerns.

Vendor Management

One of the often-overlooked responses in a situation like this is vendor management. In the current environment with companies often directly connected and sharing data, a compromise in one company can lead to an attacker using it as a foothold to enter partner and vendor environments. During times like these it is important to reach out to partners and vendors and ensure they are aware of the issues, and ensure companies have proper logging and monitoring in place to identify anomalous vendor or partner activity.

Plan, Don’t Panic

We all recognize that vulnerabilities will continue to raise risk management concerns for organizations across locations and industries. However, maintaining the security fundamentals (asset management, vulnerability management, patch management, and vendor management) is the foundation for responding to situations like this without causing panic and churn within an organization. It is not unusual for companies to identify zero-day vulnerabilities in their systems; having a controlled, measured response to them is the mark of a mature security organization.

Jon Medina

Managing Director
Security and Privacy
