The Vulnerability that Could Ruin Your Business is Here

Category

Vulnerabilities


One of the easiest ways to protect yourself and your organization is by applying updates to your devices. This includes laptops, desktops, servers, mobile phones, Wi-Fi routers, smart TVs, and everything in between. More importantly, you need to apply these updates, also called patches, as soon as they become available. All of this is part of a larger process we call vulnerability management, where “patches” are applied to holes in the computer code, called “vulnerabilities”. You can find out more from one of our posts on this topic.

A Windows vulnerability called BlueKeep was discovered in April, and it has the ability to really ruin your day. The vulnerability was believed to be so devastating that the Department of Homeland Security put out a warning telling people to patch the hole immediately.

“So why the red alert?”

When a vulnerability is discovered, it’s a race against time for the good guys and the bad guys. The good guys try to figure out how to patch the hole as quickly as possible. In this case, Microsoft put out patches immediately in May, including for an operating system they no longer support - Windows XP. Meanwhile, the bad guys were trying to figure out how to tie the vulnerability together with other bad code, like cryptocurrency mining. Unfortunately, that moment is here.

“How bad is this?”

As of August, it is believed that over 735,000 computers around the world are still vulnerable to BlueKeep. This vulnerability represents an open door for hackers to enter your home or your organization and cause damage. Microsoft published patches in May for the following vulnerable operating systems:

  • Windows Server 2003

  • Windows XP

  • Windows Vista, Windows 7

  • Windows Server 2008

  • Windows Server 2008 R2

To make matters worse, the first two operating systems are also considered “end-of-life” and Microsoft is no longer providing any other patches for them, leaving them permanently vulnerable. The remaining operating systems will be declared end-of-life on January 14, 2020.

“What does it mean for me?”

You have two main choices to protect yourself:

  1. If you are using a vulnerable operating system, find and install the patch immediately. Check your “Windows Updates” and make sure none are available.

  2. If you are using a vulnerable operating system AND it is end-of-life or near end-of-life, upgrade your operating system IMMEDIATELY. You will not only be vulnerable to BlueKeep, but you will be vulnerable to any number of other vulnerabilities in the near future as well.
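
The two choices above can be applied across a whole asset inventory rather than one machine at a time. The following Python script is an added example, not code from Hive Systems or Microsoft; it triages hosts using only the operating systems and dates listed in this article. The CSV column names, the sample hosts, the one-year "near end-of-life" window and the evaluation date are assumptions.

```python
import csv
import io
from datetime import date
# Affected versions and support dates as this article states them (None = already
# end-of-life). "2008 r2" precedes "2008" so the more specific name matches first.
AFFECTED = [
    ("server 2008 r2", date(2020, 1, 14)),
    ("server 2008", date(2020, 1, 14)),
    ("server 2003", None),
    ("windows vista", date(2020, 1, 14)),
    ("windows 7", date(2020, 1, 14)),
    ("windows xp", None),
]
NEAR_EOL_DAYS = 365  # assumption: "near end-of-life" means within one year

# Constructed sample inventory; the column names are hypothetical.
SAMPLE_INVENTORY = """\
host,os,bluekeep_patch
fin-ws01,Microsoft Windows 7 Professional,no
hr-ws02,Microsoft Windows XP Professional,yes
app-srv1,Microsoft Windows Server 2008 R2 Standard,yes
file-srv2,Microsoft Windows Server 2003 R2,unknown
dev-ws03,Microsoft Windows 10 Pro,yes
"""

def match_os(caption):
    """Return (name, eol_date) if the OS caption is on the article's list."""
    return next(((n, e) for n, e in AFFECTED if n in caption.lower()), None)

def triage(row, today):
    """Map one inventory row to the action the article's two choices imply."""
    hit = match_os(row["os"])
    if hit is None:
        return "not-listed"
    eol = hit[1]
    # Anything other than an explicit "yes" is treated as unpatched.
    patched = row["bluekeep_patch"].strip().lower() == "yes"
    if eol is None or eol <= today:
        return "upgrade-now" if patched else "patch-and-upgrade-now"
    if (eol - today).days <= NEAR_EOL_DAYS:
        return "plan-upgrade" if patched else "patch-now-plan-upgrade"
    return "ok" if patched else "patch-now"

def triage_inventory(csv_text, today):
    return {r["host"]: triage(r, today) for r in csv.DictReader(io.StringIO(csv_text))}

if __name__ == "__main__":
    for host, action in triage_inventory(SAMPLE_INVENTORY, date(2019, 9, 1)).items():
        print(f"{host:10} {action}")
```

A patched host on an end-of-life system still comes back as "upgrade-now", which matches the point of choice 2: the BlueKeep patch does not cover the vulnerabilities that follow.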

If you or your organization aren’t sure if you’re staying on top of your vulnerabilities, let’s talk about Hive Systems’ Vulnerability Assessment. Click the button below to start the conversation about making sure you have the latest patches applied so you can slam the door shut on hackers.

 
