Are your systems impacted by the critical vulnerability in Windows?

Kent Agerlund Kent Agerlund

Kent Agerlund

发布日期: 2020年1月16日
+ 关注

Spot which of your systems are affected by the latest critical vulnerability in Windows Clients and Servers - and whether your fixes work!

This week, the National Security Agency disclosed a critical vulnerability affecting Windows 10 and Windows Server 2016/2019, as well as applications that rely on Windows for trust functionality.

According to the NSA:

“Exploitation of the vulnerability (CVE-2020-0601) allows attackers to defeat trusted network connections and deliver executable code while appearing as legitimately trusted entities” (…) “The consequences of not patching the vulnerability are severe and widespread. Remote exploitation tools will likely be made quickly and widely available. Rapid adoption of the patch is the only known mitigation at this time and should be the primary focus for all network owners.” (…)

“NSA recommends installing all January 2020 Patch Tuesday patches as soon as possible to effectively mitigate the vulnerability.” (…) “Applying patches to all affected endpoints is recommended, when possible, over prioritizing specific classes of endpoints.”

“In the event that enterprise-wide, automated patching is not possible, NSA recommends system owners prioritize patching endpoints that provide essential or broadly replied-upon services.”

 

How do you know where the vulnerability is?

Disclosures of critical vulnerabilities in prevalent systems set a lot of wheels in motion internally. And quite rightly so. Risk management includes identifying the organization’s weaknesses and devising a mitigation strategy – a strategy that prioritizes the systems most critical to corporate security.

The trouble in most organizations is to identify exactly which systems – down to device level – are in the danger zone for a particular vulnerability. It is quite difficult to establish exactly where the pain points are, because the infrastructure is riddled with blind spots – connections and dependencies, that make it difficult to obtain full visibility and prioritize accordingly.

Increase your security by taking fact based decisions


This challenge is well-known in organizations of all shapes and sizes. And that is why we recommend to our customers that they set up widgets (see image above) in their Insight Analytics? dashboard to identify

1)     Which systems are in fact affected by the specific vulnerability

2)     Which systems are successfully patched, and which systems are not.

Having the threat visualized like this, is hugely helpful to your mitigation strategy. You can see where to focus your efforts, and you can verify if patches are deployed successfully, and spot and revisit the systems where mitigation failed.

Finally, you are also able to document your compliance, once the dust settles.

I hope you found this interesting - get in touch if you want to know more about how Insight Analytics? can help you in your risk management efforts, and strengthen your overall security posture.

You can read the NSA’s detailed description of the vulnerability and recommendations for mitigation, here

And find the vulnerability in the National Vulnerability Database, here

And read more in Microsoft’s response center, here

要查看或添加评论,请登录

Kent Agerlund的更多文章

社区洞察

其他会员也浏览了