OCD Tech, the IT Audit & Cybersecurity division of O’Connor & Drew, P.C. has been made aware of a critical vulnerability in Microsoft Windows operating systems. This vulnerability is so severe we felt it warranted notification.
The exploit affects Windows desktop 7 and Server 2003/2008, and we know many of our clients still run these levels of software. The vulnerability allows a remote attacker to compromise these types of computers from across the internet if these computers are directly connected to the internet. The attacker does not need to know your user ID or password. On an industry standard vulnerability scale, this is ranked at 9.8 out of 10. The first widespread vulnerability for Microsoft this year.
Microsoft strongly recommends that users install the updated patch immediately to mitigate the vulnerability. For those users unable or unwilling to install the update the following actions can help to mitigate risk:
Disable Remote Desktop Services – unless your organization relies on RDS to operate disabling the service can limit vulnerability
Enable Network Level Authentication (NLA) – enabling NLA will prevent unauthorized access and force hackers to enter valid credentials before they can exploit the vulnerability
Block port 3389 – the RDS utilizes port 3389 to establish a connection, blocking this port will only prevent external attacks
Using Shodan, a search engine for internet-connected devices, users can see the active RDS exposed to the internet. Click here to see if your organization has an active RDS
As always, please feel free to reach out to our team of experts here at OCD Tech if you have any IT security-related questions.
