Two days ago a new vulnerability was disclosed in Windows, affecting users of Windows XP, Windows 7 and other older Windows systems. Users of Windows 8 and 10 are not affected. This remote code execution flaw lies in Remote Desktop Services and can be exploited over the network, without any authentication, to run arbitrary code on the target.
Microsoft explains: "A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system through RDP and sends specially crafted requests. This vulnerability is pre-authentication and does not require user interaction. An attacker who successfully exploited this vulnerability could run arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights."
According to Microsoft, this vulnerability is "wormable", meaning that an attacker could in theory use it to build malware that propagates on its own from one unpatched system to the next, with no user involvement.
To illustrate how serious this is, it is worth recalling a notorious attack that also exploited a vulnerability in Windows systems: WannaCry. The worldwide WannaCry attacks used a vulnerability called EternalBlue to infect more than 200,000 computers in 150 countries. Microsoft had released a patch for that vulnerability two months before the WannaCry attacks began, a fact that underlines the importance of installing patches as soon as they become available. As of today, WannaCry is still active; there have been almost 5 million detections of this ransomware in the two years since the global attacks.
Recommendations: Patch your system and do not leave any doors open
To protect its users, Microsoft has already released a patch for the affected systems, including Windows XP, Windows 7 and Windows Server 2008. Although Microsoft has not seen this vulnerability exploited, "it is very likely that malicious actors will write an exploit for this vulnerability and include it in their malware." As such, it is vital that all users of the affected systems install the corresponding patch as quickly as possible.
Meanwhile, advanced security solutions such as Panda Adaptive Defense and Panda Adaptive Defense 360 offer additional layers of protection that can turn your endpoints into bunkers by activating Lock mode. In this mode an unknown program is prevented from running until it has been validated by Panda Security.
Microsoft also recommends:
- Enable Network Level Authentication (NLA) on systems that support it (Windows 7, Windows Server 2008 and Windows Server 2008 R2). With NLA, a client must authenticate before a session is created, so an unauthenticated attacker cannot reach the vulnerable code.
- Disable Remote Desktop Services on computers where it is not strictly necessary.
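As an added example (not from the original post and not a Panda tool), the following PowerShell script audits the two settings Microsoft recommends above on a single host and, when run elevated with the assumed -Remediate switch, enforces NLA. It reads the standard Terminal Server registry values and assumes the default RDP-Tcp listener name.

```powershell
# Added example: audit (and optionally harden) the RDP settings recommended above.
# Written for PowerShell 2.0 so it also runs on Windows 7 / Server 2008 R2.
# -Remediate is this script's own switch (an assumption), not a Windows feature.
param(
    [switch]$Remediate
)

$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpTcp = Join-Path $tsKey 'WinStations\RDP-Tcp'   # default listener; custom listeners differ

# fDenyTSConnections = 1 means Remote Desktop is disabled on this host.
$rdpDenied = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections `
    -ErrorAction SilentlyContinue).fDenyTSConnections

# UserAuthentication = 1 means NLA is required, so a client must authenticate
# before any session is created and unauthenticated requests are never processed.
$nla = (Get-ItemProperty -Path $rdpTcp -Name UserAuthentication `
    -ErrorAction SilentlyContinue).UserAuthentication

$rdpEnabled  = ($rdpDenied -ne 1)
$nlaRequired = ($nla -eq 1)

$exposure = if (-not $rdpEnabled) { 'Remote Desktop disabled' }
            elseif ($nlaRequired) { 'Remote Desktop enabled, NLA enforced' }
            else { 'Remote Desktop enabled WITHOUT NLA: patch and enable NLA now' }

New-Object PSObject -Property @{
    ComputerName = $env:COMPUTERNAME
    RdpEnabled   = $rdpEnabled
    NlaRequired  = $nlaRequired
    Exposure     = $exposure
} | Format-List

if ($Remediate -and $rdpEnabled -and -not $nlaRequired) {
    # Microsoft's first recommendation: require NLA on the RDP listener.
    Set-ItemProperty -Path $rdpTcp -Name UserAuthentication -Value 1 -Type DWord
    Write-Output 'NLA is now required for Remote Desktop connections.'
}

# Microsoft's second recommendation, for hosts that do not need Remote Desktop at all.
# Uncomment only on such hosts, since it blocks every RDP connection:
# Set-ItemProperty -Path $tsKey -Name fDenyTSConnections -Value 1 -Type DWord
```

Enabling NLA is a mitigation, not a substitute for the patch: an attacker with valid credentials can still reach the vulnerable code, so the update must still be installed.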
Stay on top of updates and patches
The list of cyber attacks made possible by missing patches keeps growing: from ransomware and cryptojacking to massive data breaches. One obstacle to finding and applying the necessary patches is a lack of resources and time within companies. Moreover, it is often difficult to decide which patches to apply first.
To help prioritize, manage and roll out patches and updates, Panda clients have Panda Patch Management. This module requires no additional deployment on the client side and covers not only patches and updates for operating systems, but also for hundreds of third-party applications.
- Discover, plan, install and check: provides real-time insight into the health of endpoints in terms of vulnerabilities, pending patches and updates, and unsupported (end-of-life) software.
- Audit, monitor and prioritize updates for operating systems and applications: provides real-time visibility of the status of open patches and updates for the system and third-party applications.
- Prevents incidents by systematically reducing the attack surface created by software vulnerabilities: managing patches and updates allows organizations to stay ahead of attackers who exploit those vulnerabilities.
- Contains and limits attacks by immediately patching one or more endpoints: the console correlates detected threats and exploits with the vulnerabilities it has uncovered, minimizing response time, containing the attack and aiding recovery.
Discover patch management here.