Worms. They’re good for the soil in a garden, but they’re certainly not welcome inside an organization’s networks. Network worms can silently dig into a single PC or server on enterprise networks, then spread across it – and any other networks connected to it – without needing any interaction from users. Examples of wormable malware include 2017’s massive WannaCry and NotPetya ransomware campaigns, which highlight just how damaging worms can be.
So it’s critical to update both PCs and servers against the vulnerabilities that worms exploit in order to spread. Back in June this year, the NSA and other national security agencies warned companies to apply patches to eliminate the BlueKeep flaw, which affected around 1 million Windows PCs and servers globally and had the potential to lead to massive malware attacks.
And now two new vulnerabilities have been discovered which share genes with BlueKeep. The new flaws, CVE-2019-1181 and CVE-2019-1182, similarly have the potential to allow an unauthenticated remote attacker to connect to a vulnerable server or PC via the remote desktop protocol (RDP) and execute any code they want on that machine, just like WannaCry or NotPetya – and spread rapidly across networks.
However, unlike BlueKeep, these new vulnerabilities are not restricted to older versions of Windows: they also affect more recent versions, including Windows 10 – so they could impact a wider range of organizations. The good news is that there have been no proof-of-concept exploits for the flaws, and they have not been exploited in the wild.
But this doesn’t mean organizations can afford to be complacent: exploits for the flaws will surely be developed with the aim of targeting unpatched networks. Despite the urgent global warnings issued about the BlueKeep flaw over two months ago, it was recently estimated that around 400,000 corporate endpoints were still vulnerable to it.
And the day before the two new vulnerabilities were announced, the Australian Cyber Security Centre warned that a way to exploit the BlueKeep flaw had been published online. As the centre noted: “The disclosure, once made available to the public, is anticipated to increase the amount of RDP scanning actively, increasing the chances of attempted exploitation of unpatched systems.”
Finally, as we described in our earlier blog about BlueKeep, network segmentation is an effective security strategy that blocks and limits the ability of any type of malware to spread across corporate networks. AlgoSec’s solution makes it easy to define and enforce segmentation across your entire network infrastructure – whether on premises, in virtual data centers or in the cloud. This reduces your organization’s exposure to all types of cyber-attacks and risks by restricting the lateral movement of hackers or fast-moving worms, safely containing any breach and enabling it to be addressed quickly. By taking these timely preventative actions, you can ensure that attackers don’t get a chance to worm their way into and attack your networks.