CBI Security Alerts are designed to keep you informed of new threats in the cybersecurity landscape, provide actionable insights on how to address these threats, and deliver our expert perspectives on what’s new in security.
Today’s Security Alert highlights the new Microsoft patch that protects older versions of Windows from “wormable” malware attacks.
According to a new article from Krebs on Security, Microsoft has just released a critical security update to patch a vulnerability that could leave older Windows operating systems open to “wormable” threats similar to the 2017 WannaCry ransomware attack.
Microsoft took the unusual step of patching older versions of Windows that are past their support lives after discovering the vulnerability and recognizing that many of the impacted versions, including Windows XP and Windows 2003, are still widely in use.
What Does it Mean for You?
If you are using the “remote desktop services” built into certain older versions of Windows, you could be vulnerable to wormable malware attacks. This includes the following versions:
- Windows 7
- Windows Server 2008 R2
- Windows Server 2008
- Windows XP
- Windows 2003
Newer versions of the Windows operating system are NOT affected, including Windows 10, Windows 8.1, Windows 8, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, and Windows Server 2012.
What Should I Do Next?
CBI recommends you prioritize your patching process based on which systems have the highest risk to your organization due to the probability of the vulnerability being exploited.
- First, follow Microsoft’s instructions to determine which version of Windows you’re using.
- Prevention measures like this kind of patch should take place sooner rather than later based on your organization’s risk appetite. Follow this link to deploy and update the Microsoft patch if you are on one of the versions of Windows determined to be at risk.
- And of course, contact CBI for more help by calling 800-747-8585, emailing firstname.lastname@example.org or filling out our contact form.
Common variables to consider as you go:
- Asset location – Is the asset exposed to the internet?
- Impact the asset has on the business
- Next scheduled patch cycle
- Other compensating controls that are already in place
Finally, our best practice recommendation is to follow your change management processes. Always back up your system BEFORE you patch, and use a test bed before you perform an enterprise-wide rollout. Remember, “Risk = Threat x Vulnerability”, so you can lower your risk by lowering your threat exposure or your vulnerabilities. Let the risk drive your actions.
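The prioritization described above, sketched as an added example that is not CBI's or Microsoft's code: it keeps only hosts on the affected versions with remote desktop services in use, then ranks them using the listed variables. The inventory, the field names and the scoring weights are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date

# Affected versions, as listed in the alert above.
AFFECTED = {"Windows 7", "Windows Server 2008 R2", "Windows Server 2008",
            "Windows XP", "Windows 2003"}

@dataclass
class Asset:
    name: str
    os: str
    rds_in_use: bool            # remote desktop services in use on this host
    internet_exposed: bool      # asset location
    business_impact: int        # 1 (low) to 5 (critical), set by the asset owner
    next_patch_cycle: date      # next scheduled patch cycle
    compensating_controls: int  # number of controls already in place

def risk_score(asset: Asset, today: date) -> float:
    """Risk = Threat x Vulnerability, weighted by business impact (assumed weights)."""
    if not (asset.rds_in_use and asset.os in AFFECTED):
        return 0.0  # outside the scope the alert describes
    # Threat: internet exposure raises it, each compensating control lowers it.
    threat = (3.0 if asset.internet_exposed else 1.0) / (1 + asset.compensating_controls)
    # Vulnerability: grows with the days left unpatched, capped at 30 days.
    wait_days = max((asset.next_patch_cycle - today).days, 0)
    vulnerability = 1.0 + min(wait_days, 30) / 30
    return round(threat * vulnerability * asset.business_impact, 2)

def patch_order(assets, today):
    """Names of at-risk assets, highest score first; ties broken by name."""
    scored = [(risk_score(a, today), a.name) for a in assets]
    return [name for score, name in sorted(scored, key=lambda s: (-s[0], s[1])) if score > 0]

# Constructed sample inventory and date, for illustration only.
TODAY = date(2024, 1, 1)
INVENTORY = [
    Asset("hr-pc17", "Windows 7", True, False, 2, date(2024, 1, 8), 1),
    Asset("web-gw01", "Windows Server 2008 R2", True, True, 4, date(2024, 1, 31), 0),
    Asset("app-srv09", "Windows Server 2016", True, True, 5, date(2024, 1, 31), 0),
    Asset("plant-hmi03", "Windows XP", True, False, 5, date(2024, 1, 16), 2),
    Asset("file-srv02", "Windows Server 2008", False, False, 3, date(2024, 1, 31), 0),
]

if __name__ == "__main__":
    for name in patch_order(INVENTORY, TODAY):
        print(name)
```

Hosts that score zero here still belong in the normal patch cycle; the ranking only decides which at-risk systems go first.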