Users and organisations using out of support Windows Operating systems Windows XP, Windows 7, Windows Server 2003, Windows 2008 R2, Windows 2008 are being urged by Microsoft to undertake urgent patching measures, following Microsoft’s discovery of a critical remote code execution vulnerability.
The severity of its potential impact worldwide has prompted Microsoft to step in to release patches for the out of support Windows XP and Windows Server 2003. Windows XP users will need to download the patch (Remote Code Execution CVE-2019-0708) from the Microsoft Update Catalogue.
Microsoft spokesman and Director of Incident Response, Simon Pope, speaking from their Security Response Centre advised that this exploit vulnerability was ‘wormable’. This means that the user doesn’t have to ‘do’ anything themselves to cause the damage. Any malware created by hackers in response to this vulnerability that links to this Microsoft code, would cause a ripple effect by cross-infecting computers through Remote Desktop Protocol (RDP). RDP would facilitate the hacker’s ability to send requests enabling arbitrary code to be run, to view, change or delete data, or create new accounts with full user rights. This was the experience in 2017 when the Wannacry attack went global.
With millions of users still using Windows 7 machines, Microsoft are not taking any chances and are taking the same holistic steps as in 2017 to seek to protect users whether using supported or unsupported systems.
Unfortunately, there doesn’t appear to be a killswitch for someone to discover in this vulnerability unlike with Wannacry, but prudent and expeditious action taken promptly by organisations and their inhouse IT teams, (or through the direct intervention of IT MSPs like Amicus ITS), can take the mitigation steps to limit impact. Amicus ITS have already taken immediate steps to instigate the patching for all our customers. In addition, the RDP vulnerability can be mitigated by good access control and firewall management our Network Team are undertaking.
I would advise vulnerable organisations to update to the latest operating system (currently Windows 10), but check the following paths as part of risk mitigation consideration:
1. Upgrade to the latest or near latest operating systems – full mitigation
2. Consider migrating to the 365 / Azure platforms – server mitigation
3. Take up an advanced patching service via Amicus ITS – server and device patch assurance
Any organisations seeking advice or support can contact our Sales team in the first instance by calling +44 (0)2380 429429 or by emailing enquiries@amicusits.co.uk quoting ‘Microsoft Code Exploit 2019’
JP Norman is the Director of Technology, Security and Governance at Amicus ITS
Amicus ITS Blog 