COVID-19: IT Security is bumped back. Remember to check, if updates are successful.

A remote code execution vulnerability disclosed in SMBv3 highlights the stress enterprise security is under, with most of the workforce working from remote

By Kent Agerlund, CTGlobal Founder and Principal Consultant. Microsoft Regional Director and MVP in Enterprise Mobility.
March 20, 2020

IT security is suffering in enterprises, as a large part of the workforce have moved offsite, to work from home. And even as security teams struggle to keep their infrastructures safe, an extremely critical vulnerability was disclosed in Microsoft Server Message Block 3.1.1 (SMBv3).

In addition to security patches to this vulnerability, Microsoft has released an update package for Windows 10 version 1903 and newer, with patches for 117 vulnerabilities.

The vulnerability in SMBv3, CVE-2020-0796, is given the highest CVSS Base Score: 10. It is registered in CVE as a remote code execution vulnerability that exists “in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server or client.”
The SMB is a protocol for sharing files, printers, and other resources on local networks and the Internet, and the vulnerability allows attackers to connect to remote systems where the SMB service is enabled and run malicious code with system privileges, allowing for remote takeovers of vulnerable systems..¹

You need to act now – in spite and because of COVID-19
All of this calls for urgent updates to your systems – you need to get those patches deployed, and do it now. Especially since, as has become clear to everyone over the past week, your organization is more vulnerable than ever because ‘business is unusual’.

For organizations and users who have activated automatic updates of their Windows 10 systems, the updates are already implemented. So normally, they would be good to go.
But at the moment, with such a large share of users working from home, IT ops in many organizations have put the infrastructure on “freeze” to keep it stable, which means updates aren’t rolled out at the moment.

And in organizations with a highly complex and security-centric infrastructures, updates are not implemented automatically anyway.

We help you see what’s going on
Whether you have automated update processes or have to deploy the patches manually, you will want to make sure they are rolled out throughout the organizations.

Over the years, my team and I have seen thousands of examples of deployments and fixes that never reached their destination: Configuration errors, restart failures and any number of other things can trip up the best-planned roll-outs. The key to successful deployment is to go back and check that implementation was, in fact, successful.

One of the most useful features in our infrastructure health state visualization tool, Insight Analytics™, is that it is super quick to set up a widget, that tracks a specific security risk: In a few minutes we are able to identify exactly which systems – at device level – are affected by the vulnerability, and which systems are missing updates. (You can see an example of the information in the screenshot above).

This means that, when you get a notification about a software vulnerability, you can look through your infrastructure, and identify exactly what you need to patch.
And when you think you are all done patching, you can go back and check that the patch was installed and actually worked.

With the information readily available to you, you are able to not only keep your systems secure, you are also able to document to the business that you are compliant.

If you want to now more about how we can help identify and act on risks, and track developments, get in touch.

Visit our COVID-19 Enterprise IT resource page where you can sign up for more blog posts, and live and on-demand webinars