The Impact Of Microsoft’s Latest Legacy Patch And Basic RDP Security

By Jessica Davis

Earlier this month, Microsoft released a rare patch for systems it no longer services, including Windows 2003, Windows 7, XP, and Server 2008, with the intention of avoiding another global cyberattack like WannaCry.

The vulnerability is found in the remote desktop protocol (RDP), or ‘terminal services’ as it’s known on the legacy devices, and would allow a hacker to gain remote access without authorization. If exploited, the CVE-2019-0708 vulnerability would let a hacker send tailored requests through RDP and, like a malware infection, the exploit would proliferate to all vulnerable computers on the network.

Indeed, the hypothetical exploit reads similar to the WannaCry attack from 2017, where hundreds of organizations were forced to delay services and operations. The UK National Health Service, in particular, had to divert patients to other locations and cancel non-emergency appointments after it fell victim to the cyberattack.

Hackers got in through a known vulnerability in the SMB protocol through Port 445. Microsoft released a patch, similar to the most recent RDP patch, months before the attack, but those that fell victim had not patched the vulnerable port.

And although it’s been two years since the massive cyberattack, the EternalBlue exploit is still being used by hackers, with its use reaching historic levels. What’s more, healthcare is likely one of the most vulnerable sectors as many fail to apply patches in a timely fashion, if they patch at all.

All of these elements could create the ideal scenario for another WannaCry event. For Oleg Kolesnikov, Head of Securonix Threat Research Labs, security leaders are viewing the recently disclosed vulnerability as a serious issue because it can be exploited remotely, requires no authentication, and involves a “significant attack surface with RDP being so prevalent and frequently used by malicious threat actors.”

Microsoft’s decision to release a patch for end-of-life components also points to the critical nature of the flaw, Kolesnikov explained. The same situation occurred during the 2017 global cyberattack.

“This is one of the reasons why some of the security researchers view this new RDP pre-authentication security issue as the issue that can be used in the next-gen Wannacry/ETERNALBLUE-like worm,” said Kolesnikov. “However, it is important to note that, when Microsoft issued the Wannacry patch, the exploit for the MS17-010 security issue used in Wannacry, ETERNALBLUE, was already publicly available.”

“This is not the case for the new CVE-2019-0708,” he added. “Still, the details available about this critical security issue indicate that this can have a significant impact even though there may not yet be a publicly available exploit.”

In contrast, the newly disclosed vulnerability appears less complex to exploit and the attack surface is comparable to, if not larger than, the 2017 scenario, he explained. And while researchers are unaware of a public exploit of the flaw, “one of the problems with patches is that they can typically be reverse engineered and used to reconstruct the exploit.”

“So it's only a matter of time before malicious threat actors are able to exploit this effectively,” Kolesnikov said. “In fact, based on our security monitoring, there have been some reports of this or a very similar Windows pre-authentication security vulnerability that was likely offered for sale on one of the underground markets around September 2018 for about US $500,000, which indicates that the known exploit for this high-profile vulnerability may already be available to malicious threat actors.”

With that in mind, HealthITSecurity.com asked Kolesnikov to share best practice methods to close RDP gaps and other endpoints to ensure healthcare providers are reducing risk to their organization.

Best Practice RDP Security

RDP use is prevalent across all sectors, but particularly in healthcare. Kolesnikov explained that it is typically enabled on significant portions of systems, many of which are exposed to the internet. While some are somewhat or partially isolated or firewalled, many aren’t fully inoculated.

“And if it’s targeted, particularly in healthcare, and exploited, the results can be much more severe,” Kolesnikov said. “SMB was exploited in WannaCry: still firewalled and not many organizations were exposing it, but it was still really bad. Now we have RDP, which is comparable in terms of exposure: it’s another reason to move quickly.”

The University of Berkeley Information Security and Policy stresses the need for strong passwords and access to be restricted using firewalls. Further, organizations should enable network level authentication and limit the number of users allowed to log in using RDP. RDP gateways and a change of the listening port for RDP can also shore up the vulnerable endpoint.

For Kolesnikov, organizations should begin by defining an enterprise- or port-wide policy to handle endpoints and making sure the port isn’t accessible to the internet. Session timeouts should be active, and remote sessions should have a disconnect time as well.

Organizations should also simply disable RDP if possible, or only give access on a need-to-know basis, Kolesnikov said. Firewalls must also be enabled, and ports should be segmented or compartmentalized as much as possible.
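The checks above can be audited on a single host. The following read-only PowerShell script is an added example, not code from the article or from Kolesnikov; the function name `Test-RdpHardening` is hypothetical, and the firewall check assumes Windows 8 / Server 2012 or later and the English "Remote Desktop" rule group name.

```powershell
# Added example: read-only audit of the RDP hardening points listed above.
# Run from an elevated PowerShell prompt on the host being checked.
function Test-RdpHardening {
    $ts     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $rdpTcp = "$ts\WinStations\RDP-Tcp"
    $policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
    # Returns $null when a key or value is absent (e.g. policy not configured).
    $get = { param($Path, $Name)
        (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name }
    $findings = @()

    # Disable RDP where possible: fDenyTSConnections = 1 means RDP is off.
    if ((& $get $ts 'fDenyTSConnections') -eq 1) {
        return 'OK: RDP is disabled on this host.'
    }
    $findings += 'INFO: RDP is enabled; confirm this host needs it.'

    # Network Level Authentication: UserAuthentication = 1 requires NLA.
    if ((& $get $rdpTcp 'UserAuthentication') -ne 1) {
        $findings += 'FAIL: Network Level Authentication is not required.'
    }

    # Listening port (3389 by default); reported for the firewall review.
    $findings += "INFO: RDP listens on TCP port $(& $get $rdpTcp 'PortNumber')."

    # Session limits set by Group Policy, in milliseconds; missing or 0 = no limit.
    foreach ($name in 'MaxIdleTime', 'MaxDisconnectionTime') {
        $ms = & $get $policy $name
        if (-not $ms) { $findings += "FAIL: $name is not set (no session time limit)." }
        else { $findings += "OK: $name = $([int]($ms / 60000)) minute(s)." }
    }

    # Firewall: flag enabled inbound allow rules that accept any remote address.
    # Assumes Windows 8 / Server 2012 or later and the English group name.
    $rules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' }
    foreach ($rule in $rules) {
        $remote = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
        if ($remote -contains 'Any') {
            $findings += "FAIL: '$($rule.DisplayName)' allows RDP from any address."
        }
    }
    $findings
}

Test-RdpHardening
```

The script only reads local settings; whether the port is reachable from the internet still has to be verified at the perimeter firewall.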

“There’s a saying, it’s almost like candy with a hard, external shell and a softer core for the internal organization,” he said. “It applies to healthcare, with its critical operations: healthcare is the most mission critical, and it's often not feasible to take systems down or patch in a timely manner.”

So is segmentation an alternative?

“To be honest, segmentation should not be viewed as an alternative to patching,” Kolesnikov said. “But it can mitigate in some places and allow security teams to detect an intrusion… we typically recommend a virtual patch, as in some cases it can enable organizations to push or extend the period for applying patches.”

Source : https://healthitsecurity.com/news/the-impact-of-microsofts-latest-legacy-patch-and-rdp-security-basics
