Newly Discovered Security Flaws Put Windows Users at Serious Risk

Microsoft Vulnerability Affects Most Recent Operating Systems

Learn about two recently discovered vulnerabilities that could put your company’s computers and operations at risk and what Microsoft is doing to fix the issue.

Is Windows Secure

Two newly discovered security vulnerabilities could put Windows users at risk of attack if they do not download and install security patches Microsoft recently issued.

What Are the New Microsoft Security Flaws?

Nicknamed DejaBlue, the two security flaws are designated CVE-2019-1181 and CVE-2019-1182. They are similar to the BlueKeep vulnerabilities Microsoft issued patches for in May 2019. The newest flaws, like Bluekeep, could allow hackers to create so-called “wormable” attacks that easily can be spread from one computer to another without any interaction from a user.

The main difference is that the newer security vulnerabilities are potential threats to newer versions of Windows products.

What Systems Does DejaBlue Affect?

There are potentially hundreds of thousands of computers that could be affected by the Windows worm. They sit within the Windows Remote Desktop Services (RDS) package. According to Microsoft, the vulnerabilities could affect the following systems:

  • Windows 7 SP1
  • Windows Server 2008 R2 SP1
  • Windows Server 2012
  • Windows 8.1
  • Windows Server 2012 R2
  • Windows 10 (all supported versions, including server versions)

That’s a massive number of potential targets that could be infected if the patches are not deployed and active monitoring tools are not in place.

Windows XP, Windows Server 2008 and Windows Server 2003 are not affected.

How Does DejaBlue Work?

Like with BlueKeep, the vulnerabilities can be used to exploit RDP, a tool that administrators use to connect to other computers on a network. Hackers could then use that exploit to code and load a worm that is automated. It would “jump” from one computer to another, potentially affecting millions of computers quickly.

What makes the DejaBlue and Bluekeep vulnerabilities so dangerous is that they can propagate without any user interaction.

What’s more dangerous is that the new vulnerabilities differ from BlueKeep, which targeted Windows 7 operating systems. The new exposures could affect Windows 7 and all recent versions of Microsoft’s operating systems. That amplifies both the risk and the potential impact.

“At this point, nearly every contemporary Windows computer needs to patch, before hackers can reverse engineer those fixes for clues that might help create exploits,” notes Wired magazine.

While a British intelligence agency, GCHQ, is credited with identifying BlueKeep, Microsoft notes that it identified the new threats itself. To date, no evidence that exists that indicates the vulnerabilities were known to third parties, the company said.

“These vulnerabilities were discovered by Microsoft during hardening of Remote Desktop Services as part of our continual focus on strengthening the security of our products,” Microsoft said in a release.

The scale of the potential damage is extraordinary. As of July 2019, there were as many as 800,000 computers worldwide that were still vulnerable to BlueKeep, with a much larger potential threat from DejaBlue.

What Can We Do to Protect Against Cybersecurity Threats?

The key to maintaining a secure network is developing a comprehensive, multilayered security strategy. A managed services provider can partner with you to develop a cybersecurity plan that includes:

  • Comprehensive network perimeter monitoring using next-generation firewalls to detect, contain, disable and destroy threats
  • Continuous monitoring of systems, endpoints and users
  • Automated downloading and installation of software and firmware updates, upgrades and patches that respond to emerging threats
  • Anti-malware, anti-spam and anti-virus software installed on each user’s machine or device, updated automatically, and analyzed to determine potential threats
  • Email and data encryption
  • Password security, including multifactor authorization
  • Mobile device management, including remote location finding, disabling and wiping functions
  • Cloud solutions for secure hosting of data, apps and operating systems
  • Business continuity and disaster recovery planning
  • Employee training

Having the right security in place greatly reduces your risk of being affected by a cyberattack that can debilitate your business, ruin its reputation and cost thousands to repair.