On August 13, Microsoft published an urgent press release on its website warning Windows 10 users to update their operating systems immediately. The announcement came after researchers discovered two high-priority remote code execution vulnerabilities that appear to be “wormable,” meaning devices running the unpatched OS could be used to spread malware, viruses and other harmful code without any direct user involvement. With an estimated 800 million devices running Windows 10, according to Microsoft’s projections, the company is concerned that a large swathe of its users may be open to targeted attacks and identity theft until the new version is installed.
The RCE vulnerabilities were first identified during a routine hardening of Microsoft’s remote desktop services, prompting researchers to quickly release a set of fixes. While much of the company’s focus has been on warning Windows 10 users to update, the vulnerabilities are not confined to its latest OS product. According to Microsoft’s press release, the following versions of Windows are also affected:
- Windows 7 SP1
- Windows Server 2008 R2 SP1
- Windows Server 2012
- Windows Server 2012 R2
- Windows 8.1
Users who have automatic updates enabled have likely downloaded the necessary batch of fixes already, though it’s essential to verify whether the patch has been successfully applied. Additionally, all devices running Windows 10 Home and Windows 10 Pro are set up to download and install new updates by default, suggesting average consumers may be at less risk than users in enterprise environments. Businesses that manage their OS versions manually should take every precaution to update their Windows devices as soon as possible, as the RCE vulnerabilities are pre-authentication and easily exploitable.
Assessing the Windows 10 vulnerabilities
The recent Windows 10 security flaws, categorized as CVE-2019-1181 and CVE-2019-1182, are both remote code execution vulnerabilities that exist within Microsoft’s remote desktop services. If left unpatched, they allow unauthenticated attackers to connect to a target system or network through the remote desktop protocol and send out malicious requests. As previously mentioned, these vulnerabilities are pre-authentication and do not require any interaction on the part of the users. By exploiting how Window’s RDS handles connection requests, hackers could easily infiltrate secure IT assets, execute harmful code and extend their reach to other devices on a network.
Once an unauthorized user gains access through the RDS, they could launch a series of targeted attacks or install programs that would disrupt a device’s normal operations. For example, using these vulnerabilities, attackers could create new user profiles with full administrator permissions, allowing them to view, change or delete sensitive data. Elevated access privileges would also provide cybercriminals with a straightforward means of installing ransomware on key administration terminals, which would ensure an organization’s IT security team would be unable to effectively respond.
Beyond installing the latest OS updates for Windows 10, users can also leverage several other mitigation tactics to protect their networks, systems and devices. In situations where the RDS is not required, IT administrators can simply disable the application. Generally speaking, it’s considered a cybersecurity best practice to switch unused or unnecessary services off, as this can reduce an organization’s exposure to vulnerability exploits. Other temporary workarounds include:
- Enabling Network Level Authentication: One way to block unauthenticated users from gaining a foothold is to turn on the Network Level Authentication features within the RDS settings. This would prevent hackers from exploiting the Windows vulnerabilities by forcing all users to connect to RDS through a valid and previously verified account.
- Blocking TCP port 3389 at the perimeter firewall: Another option is to block TCP port 3389, which is responsible for initiating connections between Windows’ RDS and computing devices running Microsoft’s OS software. By blocking this port at the network perimeter firewall, IT administrators would be able to protect enterprise systems from threats that originate outside their organizations. This is also a general recommendation for safeguarding against internet-based attacks.
These recommendations are by no means a permanent fix, but they do give IT professionals a range of options for responding to the identified vulnerabilities. Ultimately, mitigating the impact of the Windows 10 security flaws requires a proactive approach to patch management and the right cybersecurity tools. That’s where Faronics’ Deep Freeze software can help.
How Deep Freeze simplifies Windows updates
Faronics’ Deep Freeze platform is a unified solution for managing Windows-based devices, offering complete security for a range of small business and enterprise environments. Not only can it protect multiple workstations, hard drives and partitions from unauthorized configuration changes, it can also help organizations keep pace with urgent updates and maintain software compliance. With Deep Freeze, you can ensure 100% workstation recovery upon restart and push critical OS fixes to every device in your network. Some of the core features include:
- Software deployment and maintenance: Deep Freeze allows IT administrators to build custom repositories and completely automate their maintenance processes. By setting a specific date, time and repeated frequency for your software deployments and updates, you can stay up to date with OS patches without the need for manual intervention.
- Patch management: All versions of Deep Freeze come with easy-to-use patch management tools that give your security team total control over Windows and third-party app installations and updates. Unlike other servicing tools, this platform features customizable software usage reporting and statistics that can keep you informed about workstations that are missing critical software and OS patches.
- Threat intelligence and prevention: Even with robust update management tools, your company needs to develop a strong defense posture that puts cyberattack prevention first. Deep Freeze gives IT staff the ability to detect and mitigate zero-day exploits and software vulnerabilities through advanced behavioral analytics and system-assisted learning. This layered security mechanism enables companies to monitor the health of their networks and workstations in real time.
Businesses of all sizes and in every industry rely on consistent and secure operating systems to maintain key workflows and protect sensitive information. Microsoft’s recent vulnerability warnings serve as a stark reminder that responsive patch management is essential to the health of enterprise networks. If your company is looking to stay ahead of future OS issues, read more about Faronics’ Deep Freeze technology or sign up for a free trial today.