Worm Risks Highlight The Need For Fast Patching

Microsoft recently issued a security patch for discontinued operating systems including Windows XP and Server 2003. Windows took the unusual action of issuing patches for operating systems that it no longer supports because a newly discovered vulnerability could create a situation as devastating as the WannaCry ransomware attacks of 2017.

Microsoft released a patch for the so-called "BlueKeep" vulnerability weeks ago, but a large number of systems have not yet been updated.

Microsoft says it is confident that cybercriminals have already developed exploits to take advantage of the BlueKeep flaw. Security researchers claim that developing exploits for BlueKeep is easy. Cybercriminals can use a specially crafted Remote Desktop Protocol (RDP) request to run arbitrary code on a vulnerable computer. They can then install malware or ransomware or steal sensitive information. 

Millions of computers still run Windows XP. Many of these systems "are part of critical infrastructure and enterprise environments where newer operating systems won't work," and all of them are vulnerable to BlueKeep if left unpatched. 

According to Microsoft, the BlueKeep vulnerability is "wormable," which means that it can spread among systems. The Remote Desktop component in older versions of Windows is the source of the flaw. Windows 8 and 10 are safe from BlueKeep. Ryan Whitwam "A Million PCs May Be Vulnerable to BlueKeep Malware, Microsoft Urges Users to Patch" extremetech.com (May 31, 2019).

Commentary

Security experts estimate that one million internet-connected computers remain vulnerable to BlueKeep.

Worms are a problem because they can quickly infect all computers. Such a large-scale attack could completely disable your operations, so prevention is important. Utilize up-to-date system architecture and/or patch for vulnerabilities.

Newer systems may update automatically, but older systems generally require manual updating, as is the case for the patch to fix BlueKeep. Often, organizations leave some network-connected computers running on autopilot. If that is the case in your organization, IT must routinely and frequently search for and install new patches for these machines. 

Finally, your opinion is important to us. Please complete the opinion survey:

What's New

Do Your Service Providers Open A Backdoor For Criminals To Access Your System?

Third-party service providers are one means for cybercriminals to use to access a target. How can you shore up your third-party back door?

Costs Of Cyberattacks Continue To Rise

Not only does a cyberattack cost money to fix, it also leads to lost current and future sales. Learn more about the high price of a cyberattack.

The IRS Scam Is Back: What To Look For

Phishers are out with a new round of IRS scams. Learn how to spot them and other phishing emails.