Not too long ago, I was watching a Netflix documentary on cybersecurity. I was fascinated (and admittedly concerned) about the information the documentary provided, but also excited that I knew about many of the attacks from our coverage here at ControlGlobal.com, notably Joe Weiss’ Unfettered blog.
So, I must say, I was glad to see Microsoft is taking a proactive approach to preventing future attacks.
According to a recent article on Forbes.com titled “With a second WannaCry looming, more than half of industrial sites are vulnerable,” by AJ Dellinger, Microsoft recently released a warning to users of its older Windows versions to update their systems to prevent a potential cyber attack.
Digging further, in a recent blog post on Microsoft’s website titled, “Prevent a worm by updating Remote Desktop Services (CVE-2019-0708),” author Simon Pope, director of incident response at Microsoft Security Response Center, notes that although there has yet to be an attack using the current vulnerability, the company thinks it’s likely that hackers will exploit it and incorporate it into their attacks.
The blog post explains that Microsoft released fixes for a critical remote code execution vulnerability in Remote Desktop Services (CVE-2019-0708) affecting older versions of Windows.
“The Remote Desktop Protocol (RDP) itself is not vulnerable. This vulnerability is pre-authentication and requires no user interaction. In other words, the vulnerability is ‘wormable,’ meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017,” Pope explains in the blog.
The security update, which was released May 14, is rolling out for all Windows users, including older systems that have been previously unsupported, like Windows 2003 and Windows XP.
“If you are on an out-of-support version, the best way to address this vulnerability is to upgrade to the latest version of Windows. Even so, we are making fixes available for these out-of-support versions of Windows in KB4500705,” Pope advises.
In more positive news, Pope notes that not all Windows versions are affected by the vulnerability; Windows 8 and Windows 10, for example, are not.
Regardless of the system you’re running or whether you’ve enabled Network Level Authentication, Microsoft strongly advises all users to update their systems as soon as possible.
Why is Microsoft being so pushy about this? Dellinger explains in the Forbes article that the urgent warning suggests that a global-scale exploit is possible.
“Microsoft’s decision to invoke WannaCry should speak to just how serious the potential exploit could be. To date, the ransomware attack that terrorized individuals and organizations around the world in May 2017 is one of the worst cyber attacks on record,” Dellinger explains. “The attack, which encrypted files on infected machines and demanded victims pay a ransom in bitcoin in order to regain access to their information, affected as many as one million machines and extracted hundreds of thousands of dollars from victims. If Microsoft is raising the specter of that attack, it knows that it has a potentially devastating vulnerability on its hands and needs users to act quickly.”
He also notes that the 2017 WannaCry attacks could have been prevented: Microsoft had issued a security patch for the vulnerability, but few users had applied the update.
Dellinger takes it even further, highlighting industry’s use of older systems, which can often go without upgrades, potentially due to time and cost.
“Experts at industrial cybersecurity platform CyberX analyzed traffic from more than 850 operation technology networks and found that 53% of industrial sites are still running unsupported versions of Windows. That includes Windows XP and Windows 2003, two operating systems that Microsoft has rushed out a patch to prevent widespread exploitation of the lingering security vulnerability,” he says.
In fact, he quotes Phil Neray, VP of industrial cybersecurity at CyberX, as saying that industrial control networks are challenging to upgrade due to their 24-7 runtime on processes like oil refining and electricity generation.
My advice to you is, save yourself the headache and install the patch if you’re using a Windows system.