Then it is particularly important to deploy this month’s (January 2020) ‘Tuesday patch’ from MS as soon as possible on your servers – those old Windows 7, 08(2), 08, 03 and XP ones you shouldn’t have, but are key to your business.
A critical flaw in the remote desktop protocol permitted a remote actor to deploy code on your systems without ANY authentication or user notification. If an attacker gains access to a single machine on your network by exploiting this vulnerability, they can scan the rest of your network and move on – a significant worm attack threat — basically, another WannaCry. Leaving any unpatched systems on your network at the very least leaves you vulnerable to scanning to identify systems with other potential vulnerabilities or packet sniffing attacks.
The full MS vulnerability advisory is here – https://blogs.technet.microsoft.com/msrc/2019/05/14/prevent-a-worm-by-updating-remote-desktop-services-cve-2019-0708/ – if you like a bit of light security horror reading before bed, and want to reconsider that server update budget.
On the desktop side, this month’s is also a biggie fixing 79 vulnerabilities – https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/e5989c8b-7046-e911-a98e-000d3a33a34d – with almost all applications and critical services being impacted, many with critical issues. The exposure is sufficiently critical that MS advises that all users apply the patch ‘as soon as possible’, as some of the exploits have been observed already in use.
Talk to NWT about how we can help with your technology security.
Together, Anexinet and NWT are uniquely positioned to help clients streamline their journey to the Cloud in the face of the pandemic by designing, building, automating and managing their workloads and applications on Enterprise-Cloud or Cloud-Hyperscalers, including AWS, Alibaba, Google Cloud, and Microsoft Azure. The strategic partnership has already helped one established financial institution unlock significant value by accelerating the development and delivery of effective, integrated Cloud-based solutions. Anexinet’s proven Kickstart process and comprehensive set of tools and services deliver an Agile, scalable Cloud-based environment that embraces traditional IT as well as Private, Public, and Managed Cloud. Migrating applications and business systems to the Cloud is a daunting task for even the most mature organization. As a result, a Cloud-adoption strategy and roadmap often means the difference between successful deployment and failure to launch. Anexinet helps organizations determine their ideal strategic approach.