Microsoft rapid response to Windows patching after security scare


Users and organisations using out of support Windows Operating systems Windows XP, Windows 7, Windows Server 2003, Windows 2008 R2, Windows 2008 are being urged by Microsoft to undertake urgent patching measures, following Microsoft’s discovery of a critical remote code execution vulnerability.

The severity of its potential impact worldwide has prompted Microsoft to step in to release patches for the out of support Windows XP and Windows Server 2003.  Windows XP users will need to download the patch (Remote Code Execution CVE-2019-0708) from the Microsoft Update Catalogue.

Microsoft spokesman and Director of Incident Response, Simon Pope, speaking from their Security Response Centre advised that this exploit vulnerability was ‘wormable’.  This means that the user doesn’t have to ‘do’ anything themselves to cause the damage.  Any malware created by hackers in response to this vulnerability that links to this Microsoft code, would cause a ripple effect by cross-infecting computers through Remote Desktop Protocol (RDP). RDP would facilitate the hacker’s ability to send requests enabling arbitrary code to be run, to view, change or delete data, or create new accounts with full user rights. This was the experience in 2017 when the Wannacry attack went global.

With millions of users still using Windows 7 machines, Microsoft are not taking any chances and are taking the same holistic steps as in 2017 to seek to protect users whether using supported or unsupported systems.

Unfortunately, there doesn’t appear to be a killswitch for someone to discover in this vulnerability unlike with Wannacry, but prudent and expeditious action taken promptly by organisations and their inhouse IT teams, (or through the direct intervention of IT MSPs like Amicus ITS), can take the mitigation steps to limit impact.  Amicus ITS have already taken immediate steps to instigate the patching for all our customers. In addition, the RDP vulnerability can be mitigated by good access control and firewall management our Network Team are undertaking.

I would advise vulnerable organisations to update to the latest operating system (currently Windows 10), but check the following paths as part of risk mitigation consideration:

1. Upgrade to the latest or near latest operating systems – full mitigation
2. Consider migrating to the 365 / Azure platforms – server mitigation
3. Take up an advanced patching service via Amicus ITS – server and device patch assurance

Any organisations seeking advice or support can contact our Sales team in the first instance by calling +44 (0)2380 429429 or by emailing enquiries@amicusits.co.uk quoting ‘Microsoft Code Exploit 2019’

JP Norman is the Director of Technology, Security and Governance at Amicus ITS

Windows 8.1 dethrones XP just before Windows 10 launch

Windows-8_1

Windows XP, released back in October 2001 has finally been dethroned from its ‘2nd most popular computer OS’ title by Windows 8.1 now holding 13.12% market share. The most used OS will come as no surprise being Windows 7 which currently holds a commanding 60.89%

Microsoft ended support for Windows XP in April of 2014 so it holding the ‘2nd most popular computer OS’ title for over a year after this date is both impressive and worrying. Whilst it is worth pointing out paid extended support on specific XP versions is still available to organisations willing to spend the cash required, these exceptions are unlikely to do much to market share numbers.

Running an unsupported OS is strongly unadvised against and using it will make you and your data much more susceptible to security threats and exploits which won’t be patched up with updates having been finished.

This news also comes in very close to the July 29th launch of Windows 10 and with the 2 most popular OS’s; Windows 7 and Windows 8.1 being eligible to free upgrades for consumers all signs point to Windows 8.1 dropping back down to 3rd soon after its launch being replaced by Windows 10.

Microsoft has also detailed this week that not all users will be eligible to download Windows 10 on launch day. First in line will be member of the Windows Insider program who will be able to upgrade from their work-in-progress version to the final version on the 29th. Next up will be users who have digitally reserved their free copy and these will be notified in waves. After this Microsoft will open up Windows 10 as a free download to all Windows 7 and 8.1 users however has not stated how long after launch this will be.

This week’s technology news from Amicus ITS – Friday 12th April 2013

Windows XP – Your time is nigh
With the support for Windows XP due to run dry by April 2014, any business still using this operating system is going to find itself extremely vulnerable to security risks and potential data loss. Companies still running Windows XP need to get their upgrade to Windows 7 or 8 sorted without delay.

Microsoft preparing to launch two factor authentication for Microsoft accounts
Microsoft’s two factor authentication will rely on having a mobile App in addition to your Microsoft account and password. The ‘Authenticator’ App is available to download early on Windows Phone and is expected to also arrive later on iOS and Android. We expect the move to tighten security around Microsoft accounts comes with the company pushing their use more than ever with integration built into Windows 8, Surface, SkyDrive, Windows Phone, Xbox, Xbox Music and more.

HP target eco-friendly route for next generation of enterprise server for big data and cloud “Moonshot”, the next generation of software-defined server has been unveiled. It will use 89% less energy and cost 77% less than the existing generation of servers. Whilst this “green” news highlights the difficulties facing the capacity of server farms, it would be surprising to see a change in hardware server provision and management in the near future, due to the restrictive scope of the new technology.

Android – The Trojan horse
FairSearch a group of companies including Microsoft, Nokia and Oracle have filled an antitrust complaint relating to Google’s Android smart phone and tablet OS to the European Commission. Describing the Android platform as a Trojan horse for Google Services and free to date for phone manufactures to use, its prominent placement gives Google an unfair advantage in the lucrative internet services market. Microsoft makes money on each Android phone sold because of their patent portfolio. If the EU levies a fine on Google, it will be interesting to see if they start charging OEMS to use the Android platform to recoup some of the profits they will loss from mobile services and advertising.

Amicus ITS – Our views on this week’s new

Apple’s profits – The Bigger Picture

Research firm, Statisa have announced Apple’s profits amount to more than Google, Microsoft, Amazon, Facebook, eBay and Yahoo combined.  Their $47.1 billion profits are primarily thanks to the popularity of their well-designed, fashionable, mobile devices and the growing impact on the work environment.  Whilst we love the iPad and the iPhone, can Apple maintain this lead by using their design and phenomenal budgets to drive consumers to the next big thing?

The end of XP

This week saw the start of the 500 day countdown for the end of XP support, giving Windows 8 a fighting chance in gaining significant sales figures.  Although Windows 8 has so far seen a slow start, we think Microsoft’s big gamble will pay off.  As mobility grows, organisations will look to the best solution to meet their OS needs and we think Windows 8 will come up trumps.

Windows Phone anyone?

Microsoft is placing all bets on the new Windows 8 ecosystem to push sales of its phone division.  The new device comes with a similar look and feel to its desktops, tablets, Xbox and phones, in the hope that users will enjoy the experience on one device and try another. We think this is a smart move for Microsoft and predict that by the end of 2014, we may see the market share spilt between Apple, Microsoft and Google.

Security breaches enhance corporation’s awareness

In recent months, hacking has increased.  Many big names are currently in the firing line; Google, Yahoo and Microsoft becoming the latest.  As industry leaders succumb to security breaches, the rest of the world becomes increasingly concerned as to how secure their IT infrastructure really is.  Organisations need to step up their game and will look to managed service providers for help.