Security Advisory: Microsoft Alerts Customers to Patch BlueKeep Vulnerability ASAP

In case you missed it, on May 14, 2019 Microsoft disclosed another major vulnerability, nicknamed "BlueKeep" (CVE-2019-0708). It is a pre-authentication remote code execution (RCE) flaw in Remote Desktop Services (RDS) that is reachable over the Remote Desktop Protocol (RDP, TCP port 3389 by default) with no user interaction, which makes it wormable: malware could use it to hop from one exposed host to the next on its own.  BlueKeep affects only older versions of Windows (Windows 7, Windows Server 2008 and 2008 R2, and the out-of-support Windows XP and Server 2003); Windows 8, 8.1, 10, Server 2012 and later do not contain the flaw.  The severity is such that Microsoft took the unusual step of building and releasing security updates even for the unsupported versions, and has rated the vulnerability Critical.

This is why, on June 4, 2019, Microsoft once again urged its customers to apply the patch as soon as possible: by outside scans, roughly one million Internet-facing devices were still vulnerable.  The concern is a repeat of the WannaCry ransomware outbreak of 2017, which spread the same way, through an unpatched wormable Windows flaw, halted operations at many companies and, most notably, disrupted hospitals.

What can you do to avoid being affected?

Microsoft has already published the fix for BlueKeep: download and install the security update for your OS version (you can find the patches here).  The update replaces Remote Desktop Services components, so the server must be rebooted before it is actually protected; until then it is still exposed.  If you cannot patch immediately, Microsoft's recommended interim mitigations are to enable Network Level Authentication (NLA) on RDP, which forces a client to authenticate before the vulnerable pre-authentication code path is reached, to block TCP port 3389 at the perimeter firewall, and to disable Remote Desktop Services on hosts that do not need it.  NLA reduces the risk but does not remove it, since an attacker holding valid credentials can still trigger the flaw, so it is not a substitute for the patch.

For Trend Micro users, specifically those running Deep Security, who cannot apply the patch yet for other reasons (for example because the server cannot be rebooted in the current window), make sure the correct Deep Security policy is applied so that virtual patching shields the server in the meantime.  Treat this as a stop-gap: the rule blocks known exploit traffic at the host while the underlying code remains vulnerable, so the Microsoft update should still be installed at the next maintenance window.  The relevant Deep Packet Inspection (DPI) rule is:

  • 1009749 – Microsoft Windows Remote Desktop Services Remote Code Execution Vulnerability

You can view the official Trend Micro article on it here.
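To turn the checklist above into something you can run on each legacy server, here is a small triage script.  It is an added example for this advisory, not Microsoft's or Trend Micro's code: it reads the OS build, whether RDP is enabled, whether NLA is on, whether anything is listening on the configured RDP port, and whether the patch KB is installed, then prints a verdict.  It assumes you run it from an elevated PowerShell prompt on the host and pass in the KB number(s) Microsoft lists for that OS in the CVE-2019-0708 advisory; the script deliberately does not hard-code them.

```powershell
# BlueKeep (CVE-2019-0708) exposure check for a single Windows host.
# Added example for this advisory; not Microsoft's or Trend Micro's code.
# Uses Get-WmiObject rather than CIM so it also works on the PowerShell 2.0
# that ships with Windows 7 / Server 2008 R2. Run from an elevated prompt.
#
# Assumption: the caller supplies the KB id(s) from Microsoft's advisory for
# this OS (monthly rollup or security-only); nothing is hard-coded here.
param(
    [Parameter(Mandatory = $true)]
    [string[]]$PatchKBs
)

$os    = Get-WmiObject -Class Win32_OperatingSystem
$build = [int]$os.BuildNumber

# Windows 8 / Server 2012 (build 9200) and newer do not contain the flaw;
# older builds (Win7 7601, Server 2008 600x, XP 2600, Server 2003 3790) do.
$affectedBuild = $build -lt 9200

# Is Remote Desktop enabled at all? fDenyTSConnections = 1 means RDP is off.
$tsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpOn = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections -eq 0

# Network Level Authentication: UserAuthentication = 1 forces authentication
# before the vulnerable pre-auth code path is reached (mitigation, not a fix).
$rdpTcp = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$nlaOn  = (Get-ItemProperty -Path $rdpTcp -Name UserAuthentication -ErrorAction SilentlyContinue).UserAuthentication -eq 1

# Which port is RDP configured on (3389 unless changed) and is it listening?
$port = (Get-ItemProperty -Path $rdpTcp -Name PortNumber -ErrorAction SilentlyContinue).PortNumber
if (-not $port) { $port = 3389 }
$listening = [bool](netstat -ano -p TCP | Select-String -Pattern (":$port\s+.*LISTENING"))

# Patch present? Get-HotFix lists installed updates by KB article id.
$patched = $false
foreach ($kb in $PatchKBs) {
    if (Get-HotFix -Id $kb -ErrorAction SilentlyContinue) { $patched = $true }
}

$verdict = if (-not $affectedBuild) { 'NOT AFFECTED: Windows 8 / Server 2012 or newer' }
           elseif ($patched)        { 'PATCHED: reboot if the update was installed without one' }
           elseif (-not $rdpOn)     { 'AT RISK: vulnerable code present but RDP disabled; patch at next window' }
           elseif ($nlaOn)          { 'EXPOSED (NLA on): patch now; NLA only stops unauthenticated attackers' }
           else                     { "EXPOSED: patch now; meanwhile enable NLA and block TCP $port at the edge" }

# One summary object per host; pipe to Export-Csv when running across a fleet.
New-Object PSObject -Property @{
    Host          = $env:COMPUTERNAME
    Caption       = $os.Caption
    Build         = $build
    RdpEnabled    = $rdpOn
    NlaEnabled    = $nlaOn
    RdpPort       = $port
    PortListening = $listening
    Patched       = $patched
    Verdict       = $verdict
}
```

Usage: `.\Check-BlueKeep.ps1 -PatchKBs KBnnnnnnn` with the KB for the host's OS.  The verdict order matters: a patched host is fine even with NLA off, an unpatched host with NLA on is still exposed to anyone who already holds valid credentials, and a host that is merely not listening is a configuration state that can change, so the build and patch status, not the port, decide whether the Microsoft update is still owed.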

For those looking at a longer-term solution, consider products such as Citrix Gateway and Citrix Virtual Apps, which put remote access to Windows servers behind an authenticated gateway instead of exposing RDP to the network directly.

To learn more about these solutions, contact us at 893-9515 and we will walk you through the options you have for preventing this kind of exposure!

A Closer look at Processor Vulnerabilities

The past few years have been rough on processor security, especially for Intel: Meltdown and Spectre, disclosed in January 2018, were among the biggest processor vulnerabilities ever found and affected nearly all of its modern CPUs (Spectre also reaches AMD and ARM designs).  Although patches came out almost immediately, they were only the start, as further attacks in the same family, such as MDS (Microarchitectural Data Sampling, disclosed in May 2019), have kept appearing.  So why are these flaws only now coming to light?  The issues are quite complex, and understanding them requires some familiarity with the following advances in CPU technology:

  • L1/L2/L3 caches
  • Speculative execution
  • Pipelines and buffers
  • Hyper-Threading

If you are unfamiliar with the above, all four exist to make the CPU faster: caches keep recently used data close to the core, speculative execution lets the core run ahead of branches and loads it has not yet resolved, pipelines and buffers keep the execution units busy, and Hyper-Threading runs two threads on one physical core.  The side-channel attacks work by observing the traces these optimisations leave behind (for instance, which cache lines a speculatively executed instruction touched) to infer data the running thread was never allowed to read.  In theory, a processor without these components would be much harder to attack, at a heavy cost in performance, so vendors are caught between raising performance and containing the security implications of each new optimisation.  That shows in the patches for the recent vulnerabilities, which have cut CPU performance by roughly 5-30% depending on the workload.  The higher figure sounds alarming but rarely affects home users; the 30% end of the range is seen mostly on servers, whose syscall- and I/O-heavy workloads hit the mitigated paths far more often.

Vendors are still working on microcode and hardware fixes to prevent future vulnerabilities, but in the meantime you can still protect your data by adding a further layer of security.  Third-party security vendors such as Trend Micro can help here with products such as Deep Security, which shields known exploit paths through virtual patching.

For a more in-depth understanding of the processor vulnerabilities, refer to this article here.  To learn more about Trend Micro Deep Security, visit our page here or contact us directly at 893-9515 and we will be more than happy to answer your inquiries!

Join Our Upcoming Event Pushstart!

More and more companies are adopting cloud technology because of the operational and economic benefits it provides. This puts more weight on securing your virtualized data centers, cloud deployments and hybrid environments: any gap or neglected aspect of your security can now expose you and your company to ransomware and other serious breaches.

CT Link Systems, Inc., in partnership with Trend Micro, invites you to attend our upcoming event, Pushstart, to learn how you can better secure your company against the growing threats to cloud platforms such as Microsoft Azure and Amazon Web Services!

Register HERE if you would like to learn more!


About Cisco

Cisco is a multinational technology corporation that specializes in networking and communication technologies. The company is headquartered in San Jose, California, and has offices and operations in over 100 countries worldwide.

Founded in 1984, Cisco has become a leading provider of networking equipment and solutions for businesses and organizations of all sizes. The company’s products and services include routers, switches, wireless access points, security solutions, collaboration tools, and software-defined networking solutions.

Cisco’s networking solutions enable businesses to connect their devices, applications, and data across local and wide-area networks, as well as the internet. The company’s products are designed to provide fast, reliable, and secure connectivity, with features such as Quality of Service (QoS), network segmentation, and advanced security protocols.

In addition to its hardware products, Cisco also offers a range of software solutions for network management, security, and collaboration. The company’s software-defined networking solutions provide a flexible and scalable approach to network management, enabling businesses to easily configure and manage their networks through a centralized dashboard.

Cisco’s collaboration tools enable teams to work together more effectively, with features such as video conferencing, messaging, and file sharing. The company’s security solutions provide protection against cyber threats, with features such as firewalls, intrusion prevention systems, and endpoint protection.

Server Security: Ransomware & Advanced Attacks

Business IT environments are at greater risk as malware such as ransomware becomes more sophisticated.  Malware that gains access to your IT environment can disrupt business operations: your service, your productivity and, most importantly, your reputation.  Cyber criminals achieve this through business process compromise (BPC), cutting off your access to business-critical applications and data for days, if not months.

Contrary to the common belief that cyber threats are an endpoint issue, ransomware and other advanced attacks also target your servers.  Servers are high-value and often easy targets for cybercriminals, because infrastructure is readily available through the public cloud and applications are delivered faster than ever to create competitive advantage.  Server and endpoint security differ greatly in that the applications and operating systems running enterprise workloads in the data center, in the cloud and even in containers can be extremely dynamic.

Fundamentals DO matter – Patching

Servers drive any business forward and house its most valuable data, so it is only natural that cybercriminals target them, whether on premises or in the cloud, by exploiting vulnerabilities found on them.  A good example is the recent WannaCry ransomware attack (May 2017), which used a Microsoft Windows SMBv1 vulnerability, fixed in the MS17-010 update two months earlier, to copy itself onto unpatched servers and endpoints.  OS patching is the best defence, because it stops the exploit from executing at all.  However, there are many reasons why servers are left unpatched, one of which is the downtime patching requires.  It is estimated that enterprise firms take an average of 250 days (205 days for retail businesses) to fix the software flaws in their enterprise applications.
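When the update itself has to wait for a maintenance window, the interim step Microsoft documents for the WannaCry-class SMB flaws is to switch off SMBv1, the legacy protocol the exploit rides on.  The script below is an added example for this article, not Microsoft's or Trend Micro's code: it reports whether the SMBv1 server is enabled and, only when asked with `-Disable`, turns it off using the method appropriate to the Windows generation (the SMB cmdlets on Windows 8 / Server 2012 and later, the registry value from Microsoft KB2696547 on Windows 7 / Server 2008 R2 and earlier).  It assumes an elevated PowerShell prompt on the host and that you have confirmed nothing on the network still depends on SMBv1 (old scanners and NAS appliances sometimes do).

```powershell
# Report, and optionally disable, the SMBv1 server on a Windows host.
# Added example for this article; not Microsoft's or Trend Micro's code.
# SMBv1 is the transport abused by MS17-010 / WannaCry; turning it off is the
# documented interim mitigation when the patch cannot be installed yet.
# Assumption: elevated PowerShell prompt; a reboot finalises the change.
# Note: this handles the server side only. The SMBv1 client driver (mrxsmb10)
# is a separate setting and is left untouched here.
param(
    [switch]$Disable   # read-only report unless this switch is given
)

$build = [int](Get-WmiObject -Class Win32_OperatingSystem).BuildNumber

if ($build -ge 9200) {
    # Windows 8 / Server 2012 and later expose the setting through the SMB cmdlets.
    $enabled = (Get-SmbServerConfiguration).EnableSMB1Protocol
    Write-Output ("SMBv1 server enabled: {0}" -f $enabled)

    if ($Disable -and $enabled) {
        # Hardened setting: SMBv1 off, SMBv2/3 untouched. -Force skips the prompt.
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        Write-Output "SMBv1 server disabled; reboot to be certain no session survives."
    }
}
else {
    # Windows 7 / Server 2008 R2 and earlier: registry value per Microsoft KB2696547.
    # A missing SMB1 value means the protocol is enabled (the default).
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $val = (Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue).SMB1
    $enabled = ($null -eq $val) -or ($val -ne 0)
    Write-Output ("SMBv1 server enabled: {0}" -f $enabled)

    if ($Disable -and $enabled) {
        # Weak state: SMB1 absent or non-zero. Hardened state: SMB1 = 0 (REG_DWORD).
        Set-ItemProperty -Path $key -Name SMB1 -Type DWord -Value 0 -Force
        Write-Output "SMB1=0 written; restart the Server service or reboot to apply."
    }
}
```

Run it once without `-Disable` across the fleet to see where SMBv1 is still on, fix the dependencies you find, then rerun with `-Disable`.  This buys time; it does not replace the MS17-010 update, which also closes the flaw for any SMBv1 traffic you later have to re-enable.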

Layered Security

Hybrid cloud infrastructures are complex, and complexity leaves gaps that can be exploited.  So what can be done about situations such as a compromised endpoint reaching a vulnerable file server?  This is where advanced server security solutions such as Trend Micro Deep Security come in.  It is designed to protect workloads across physical, virtual, cloud and container environments with host-based security that shields servers from a wide range of threats.  With its range of cross-generational security techniques, it lets you easily:

  • Stop network attacks and shield vulnerable applications and servers, using intrusion detection and prevention (IDS/IPS) and firewall techniques;
  • Lock down systems and detect suspicious activity on servers, using techniques such as application control and integrity monitoring that have been optimized for the hybrid cloud; and
  • Prevent malware and targeted attacks from infiltrating your servers, using proven anti-malware and advanced techniques such as behavioral analysis and sandboxing.

Learn more about Trend Micro Products from our product page here!