Microsoft has announced this month another set of vulnerabilities in Windows that is equally dangerous. Similar to WannaCry and the BlueKeep these coerced Microsoft into releasing a rare post-death patch for Windows XP, that this time it also affects Windows 10 systems. The new bugs, along with an associated set of patches were given out as part of its monthly Patch Tuesday release.
The announcement comes just a day after the Australian Signals Directorate’s Cyber Security Centre gave notice of that someone had published a way to exploit BlueKeep: “A security researcher under the Twitter handle @zerosum0x0 has recently disclosed his Remote Desktop Protocol (RDP) exploit for the BlueKeep vulnerability to Metasploit. The disclosure, once made available to the public, is anticipated to increase the amount of RDP scanning actively, increasing the chances of an attempted exploitation of unpatched systems.”
The Head of ASD’s Australian Cyber Security Centre (ACSC), Rachel Noble, estimated that up to 50,000 devices of Australian entities could be affected. “Any organisation or business that relies on the older Microsoft systems is at risk.” Ms Noble said. “The compromise of an unpatched system could increase the chance that your network could be exploited. Patching may require you to restart your computers, but this is a small price to pay when the risk of a compromise occurring could harm your business and its customers.”
Microsoft Warns of new “wormable” RDP Flaw
Your business is vulnerable if and when your employees are using remote desktop services (RDS) to remotely access the business servers or computers. This Windows service enables users to use a computer from a different location using the remote desktop protocol (RDP). However, Windows users are not the only ones at risk but also Mac OS based systems that access windows environments.
Therefore, if you haven’t done these updates to your Windows you shouldn’t waste any time, as your business is out there exposed to cyber-attacks. The updates include patches for four severe “wormable” security exploits (CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, and CVE-2019-122) that can let attackers spread malware without any user action as Microsoft released.
“This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.” said Microsoft in a blog post where it also sent a clear message: Patch now.
The August 2019 security updates
All that sounds terrifying, but your business is not at risk if you’ve simply applied the new updates closing the security hole. Your IT department or outsourced company should take care of this without you to need to double-check.
This security update includes improvements and fixes that were a part of update KB4507437 (released July 16, 2019) and addresses the following issues: Security updates to Windows App Platform and Frameworks, Windows Wireless Networking, Windows Storage and Filesystems, Windows Virtualization, Windows Data Centre Networking, Microsoft Scripting Engine, the Microsoft JET Database Engine, Windows Input and Composition, Windows MSXML, Internet Explorer, and Windows Server.
Why you need a business IT services provider to manage your updates
Windows Update is an important component of your business windows system. It’s designed to keep Windows up to date and healthy and it usually does. But unfortunately, in many cases, it fails to do so and instead becomes the source of multiple problems. Without being able to install important updates to your Windows, you can’t fix your system security vulnerabilities, bugs or enjoy new system features and this can be extremely frustrating. All Windows Update issues can be fixed by working with a managed IT services provider and will save you time and money.
While Windows 10 indeed provides stronger protection than past versions of Windows, the default security often is not enough in today’s hyper-connected world. Your IT team should be aware of the Windows updates, install a solid antivirus (AV) software to secure your servers, PC and mobile devices and also performing a business continuity audit and a disaster recovery plan.
Xenex Systems, managed IT services in Perth
Offering fully managed IT services, our team will complete an audit on your IT environment and will proceed immediately on updating and installing the latest software to protect your business. Contact us now for a free audit and to discuss a framework, the timeframes and the pricing involved.