Maksim Kabakou - Fotolia
New Windows vulnerabilities reveal there is no rest for weary IT
The two latest Windows security vulnerabilities reiterate the importance for IT admins to stay diligent when updating and managing an organization's operating system.
Two new Windows vulnerabilities uncovered this week highlighted the importance for IT admins to maintain updated versions of their organization's OSes, according to analysts.
On Aug. 13, Microsoft posted to its Security Response Center blog a patch to a new vulnerability within its Remote Desktop Services, which supports Windows 10, as well as previous versions of Windows Server. The vulnerability was described as "wormable," referring to cyberattacks that can self-replicate and spread from computer to computer without user interaction.
The vulnerability is not unlike the BlueKeep security issues from May, which had a similar bug within Microsoft's Remote Desktop Protocol. The latest wormable vulnerability has been coined "DejaBlue."
Simon Pope, director of incident response at the Microsoft Security Response Center, urged users in the blog post to patch affected systems as quickly as possible due to the risks associated with wormable vulnerabilities.
The second security vulnerability was a 20-year-old unpatched flaw that affected all versions of Windows, dating back to Windows XP, according to public reports. It was discovered by a Google security researcher who is part of Google Project Zero, a team of security analysts tasked with finding zero-day vulnerabilities.
The vulnerability enables lower privileged applications to gain system privileges and access to other applications, potentially exposing sensitive information such as passwords. Access is gained through a flaw in the relationship between how Microsoft clients and Microsoft servers communicate.
A Microsoft spokeswoman said the company patched DejaBlue, but the vulnerability discovered by Google Project Zero will take more time.
"Other items disclosed by Google Project Zero require more time to address and we are working to resolve those according to our normal Update Tuesday process," a spokeswoman said in an email. Update Tuesday refers to Microsoft's biweekly security patch update for Windows.
The importance of IT
The latest Windows vulnerabilities underscore the importance for IT admins to keep OSes up to date and secure, according to analysts. They also expose why overreliance on Microsoft to keep their OSes secure can lead to problems, including security breaches.
"CIOs rely on Microsoft heavily in keeping their operating systems updated against any system vulnerabilities," said David Chou, analyst at Constellation Research Inc. in Cupertino, Calif. "So these types of exposures have a huge impact on the company and the customers."
Microsoft will release a patch to help organizations secure their networks, but it's up to IT admins to implement that patch and stay on top of updating their organization's OSes, according to Tim Brown, vice president of security at IT monitoring and management vendor SolarWinds Inc. in Austin, Texas.
Holger MuellerAnalyst, Constellation Research Inc.
"These latest sets of vulnerabilities continue to underscore the need to patch," Brown said. "Left unpatched, these vulnerabilities could significantly impact any business running on these operating systems."
After the BlueKeep security threat in May, risk management vendor BitSight Technologies discovered that more than 800,000 online systems had yet to patch the Windows vulnerability two months after being warned by Microsoft and the U.S. government.
Brown added that smaller organizations are at a greater threat, as they are typically targeted more by cyberattacks due to the potential that smaller organizations lack the IT bandwidth or budget to stay on top of security vulnerabilities.
"A patch program takes time and organization. It can be messy and disrupt business," Brown said. "IT administrators on the inside also need to monitor [Common Vulnerabilities and Exposures] updates and stay on top of these important patches."
Still, even if an IT admin remains diligent and up to date with patches, security concerns like the Windows vulnerabilities will never go away completely.
"Exploits are something that will always happen, and what matters is how fast the vendors fix them," said Holger Mueller, analyst at Constellation Research. "For IT, you can't afford to be on an old or unsupported OS. The liability is too high."