Learn about two recently discovered vulnerabilities that could put your company’s computers and operations at risk and what Microsoft is doing to fix the issue.
Two newly discovered security vulnerabilities could put Windows users at risk of attack if they do not download and install security patches Microsoft recently issued.
Nicknamed DejaBlue, the two security flaws are designated CVE-2019-1181 and CVE-2019-1182. They are similar to the BlueKeep vulnerabilities Microsoft issued patches for in May 2019. The newest flaws, like BlueKeep, could allow hackers to create so-called “wormable” attacks that can easily spread from one computer to another without any interaction from a user.
The main difference is that the newer security vulnerabilities are potential threats to newer versions of Windows products.
Hundreds of thousands of computers could potentially be affected by such a worm. The vulnerabilities sit within the Windows Remote Desktop Services (RDS) package. According to Microsoft, the vulnerabilities could affect the following systems:
That’s a massive number of potential targets that could be infected if the patches are not deployed and active monitoring tools are not in place.
Windows XP, Windows Server 2008 and Windows Server 2003 are not affected.
As with BlueKeep, the vulnerabilities can be used to exploit the Remote Desktop Protocol (RDP), a tool that administrators use to connect to other computers on a network. Hackers could then use that exploit to write and deploy an automated worm. It would “jump” from one computer to another, potentially affecting millions of computers quickly.
What makes the DejaBlue and BlueKeep vulnerabilities so dangerous is that they can propagate without any user interaction.
What’s more dangerous is that the new vulnerabilities differ from BlueKeep, which targeted Windows 7 operating systems. The new exposures could affect Windows 7 and all recent versions of Microsoft’s operating systems. That amplifies both the risk and the potential impact.
“At this point, nearly every contemporary Windows computer needs to patch, before hackers can reverse engineer those fixes for clues that might help create exploits,” notes Wired magazine.
While a British intelligence agency, GCHQ, is credited with identifying BlueKeep, Microsoft notes that it identified the new threats itself. To date, no evidence exists that the vulnerabilities were known to third parties, the company said.
“These vulnerabilities were discovered by Microsoft during hardening of Remote Desktop Services as part of our continual focus on strengthening the security of our products,” Microsoft said in a release.
The scale of the potential damage is extraordinary. As of July 2019, there were as many as 800,000 computers worldwide that were still vulnerable to BlueKeep, with a much larger potential threat from DejaBlue.
The key to maintaining a secure network is developing a comprehensive, multilayered security strategy. A managed services provider can partner with you to develop a cybersecurity plan that includes:
Having the right security in place greatly reduces your risk of being affected by a cyberattack that can debilitate your business, ruin its reputation and cost thousands to repair.