Tag Archives: vulnerability

Bluekeep Vulnerability Warning

Microsoft has issued a warning 1 to many Windows® users that a new vulnerability in Windows® Remote Desktop Services (RDS) (also known as Terminal Services) has been discovered for many Windows® Operating Systems which requires no user interaction to lead to a security breach . To clarify this means if you are running on one of these Operating Systems, it has Remote Desktop enabled, and it can be remotely logged into using Remote Desktop Protocol without first logging into a Virtual Private Network (VPN), it may mean it could become infected without the user doing anything at all. The affected Operating Systems are listed below:

  • Windows Server® 2003
  • Windows Server® 2008
  • Windows Server® 2008 R2
  • Windows® XP
  • Windows® Vista
  • Windows® 7

It has been reported that “potentially millions of machines are still vulnerable.” 2 This particular vulnerability is so widespread and potentially dangerous that Microsoft has released special Out of Band patches for Windows® XP and Windows Server® 2003.

Microsoft Windows® Patches for the BlueKeep Vulnerability

  • Windows® XP / Windows Server® 2003 – Security Patch KB4500331 (this patch must manually be downloaded from Microsoft and installed)
  • Windows® Vista / Windows Server® 2008 – Security Patch KB4499180 (this patch must manually be downloaded from Microsoft and installed) OR Monthly Rollup KB4499149 (this patch is available through Windows® Automatic Update)
  • Windows® 7 / Windows Server® 2008 R2 – Security Patch KB4499175 (this patch must manually be downloaded from Microsoft and installed) OR Monthly Rollup KB4499164 (this patch is available through Windows® Automatic Update)

Some IT administrators may respond that even though they may have a computer which has one of the affected Windows® Operating Systems, that it does not have Remote Desktop Services enabled, or it requires a VPN to connect to the network before the system can be connected to with RDS so the system is not vulnerable.

Securing the perimeter of your network is important but not installing the latest security patches on computers in the company’s network can produce devastating results if a malicious actor can defeat the perimeter security. We encourage you to run supported Operating Systems with the latest patches regardless of your current network topology. We recommend using a tiered security approach which secures not only your network perimeter but uses network segmentation, running supported Operating Systems, installing current security patches, deploying internal network monitoring and security controls, and employs Role Based Access Controls (RBAC) among other security best practices.

Other resources of information about BlueKeep include:

Windows® and Windows Server® are registered trademarks of the Microsoft Corporation

twitterredditlinkedinmailtwitterredditlinkedinmail

Patching Spectre and Meltdown Vulnerabilities

Discovered in 2017, and publicized in 2018, Spectre and Meltdown are two new vulnerabilities in how certain microchips were designed.1, 2

These vulnerabilities place information stored in memory (e.g. passwords, email, web browsing information, documents, etc.) at risk of theft.3

For Spectre to be exploited, a device must have a vulnerable processor. Security researchers have verified Spectre can be exploited “on Intel, AMD, and ARM processors.”4

For Meltdown to be exploited, a device (laptop, desktop, server, smartphone, etc.) must have a vulnerable processor and the Operating System (OS) running on that device must be unpatched. While not all of the details are currently known, security researchers have verified that many Intel processors are vulnerable.5

Because the vulnerabilities lie in the processors, a complete fix which does not incur a degradation in system performance may rely on the processors being redesigned.6, 7, 8

IT administrators should not wait to do something about this. Many companies including Microsoft and Apple are releasing software updates to help patch these vulnerabilities.9, 10

A number of hardware vendors are releasing firmware updates (including but not limited to BIOS updates). Updating firmware (i.e. micro code) is a step necessary to mitigate the risk of Spectre or Meltdown being exploited and a systems best practice in that systems should be updated with the most recent release (production) security updates.11

It is important to note, that using the wrong BIOS or firmware update for your hardware may result in the hardware becoming unusable.12

Additionally, if the device loses power during a BIOS of firmware update your hardware may become unusable.13, 14

Each hardware, OS, and software vendor is responsible for providing their own patch. It has been reported that some updates may slow down device performance.15

Intel has published benchmarks showing the difference in device performance for a “Fully Mitigated System” vs a “Non Mitigated System at 100%” which can be read at https://newsroom.intel.com/wp-content/uploads/sites/11/2018/01/Blog-Benchmark-Table.pdf.16

Microsoft has released patches, but in order for your computer to see those patches it must have a supported anti-virus product installed and that supported anti-virus must create a special marker for Microsoft to confirm that your anti-virus will support the new Microsoft patches. If the special marker does not exist, “Customers will not receive the January 2018 security updates (or any subsequent security updates) and will not be protected from security vulnerabilities.”17

According to one security researcher, here is a list of anti-virus products that have updates to protect against one or both of these vulnerabilities but do not as of 8 January 2018, automatically create the special marker.18

If you use one of the above listed anti-virus programs and you are unsure or uncomfortable with manually creating the special marker yourself, please contact your IT provider.

twitterredditlinkedinmailtwitterredditlinkedinmail