COVID-19: IT Security is bumped back. Remember to check if updates are successful.
A remote code execution vulnerability disclosed in SMBv3 highlights the stress enterprise security is under, with most of the workforce working remotely.
By Kent Agerlund, CTGlobal Founder and Principal Consultant. Microsoft Regional Director and MVP in Enterprise Mobility.
March 20, 2020
IT security is suffering in enterprises, as a large part of the workforce has moved offsite to work from home. And even as security teams struggle to keep their infrastructures safe, an extremely critical vulnerability was disclosed in Microsoft Server Message Block 3.1.1 (SMBv3).
In addition to security patches for this vulnerability, Microsoft has released an update package for Windows 10 version 1903 and newer, with patches for 117 vulnerabilities.
The vulnerability in SMBv3, CVE-2020-0796, is given the highest CVSS Base Score: 10. It is registered in CVE as a remote code execution vulnerability that exists “in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server or client.”
SMB is a protocol for sharing files, printers, and other resources on local networks and the Internet, and the vulnerability allows attackers to connect to remote systems where the SMB service is enabled and run malicious code with system privileges, allowing for remote takeovers of vulnerable systems.
You need to act now – in spite of and because of COVID-19
All of this calls for urgent updates to your systems – you need to get those patches deployed, and do it now. Especially since, as has become clear to everyone over the past week, your organization is more vulnerable than ever because ‘business is unusual’.
For organizations and users who have activated automatic updates of their Windows 10 systems, the updates are already implemented. So normally, they would be good to go.
But at the moment, with such a large share of users working from home, IT ops in many organizations have put the infrastructure on “freeze” to keep it stable, which means updates aren’t rolled out at the moment.
And in organizations with highly complex and security-centric infrastructures, updates are not implemented automatically anyway.
We help you see what’s going on
Whether you have automated update processes or have to deploy the patches manually, you will want to make sure they are rolled out throughout the organization.
Over the years, my team and I have seen thousands of examples of deployments and fixes that never reached their destination: Configuration errors, restart failures and any number of other things can trip up the best-planned roll-outs. The key to successful deployment is to go back and check that implementation was, in fact, successful.
One of the most useful features in our infrastructure health state visualization tool, Insight Analytics™, is that it is super quick to set up a widget that tracks a specific security risk: In a few minutes we are able to identify exactly which systems – at device level – are affected by the vulnerability, and which systems are missing updates. (You can see an example of the information in the screenshot above.)
This means that, when you get a notification about a software vulnerability, you can look through your infrastructure, and identify exactly what you need to patch.
And when you think you are all done patching, you can go back and check that the patch was installed and actually worked.
With the information readily available to you, you are able to not only keep your systems secure, you are also able to document to the business that you are compliant.
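A per-device version of the "go back and check" step, as an added example that is not from the original post and is not CTGlobal's tooling: it reports whether a given update is present and whether a restart is still outstanding. The KB id is a placeholder and the function names are hypothetical; the 1903 scope follows the article's wording.

```powershell
# Added example: per-device patch verification.
# 'KB0000000' is a placeholder (assumption); use the KB id from the vendor advisory.
param(
    [string]$KbId = 'KB0000000'
)

function Test-PendingReboot {
    # If either key exists, an installed update is still waiting for a restart,
    # which is one of the ways a roll-out silently fails to take effect.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
    )
    foreach ($key in $keys) {
        if (Test-Path -Path $key) { return $true }
    }
    return $false
}

function Get-PatchStatus {
    param([string]$KbId)

    $os      = Get-CimInstance -ClassName Win32_OperatingSystem
    $build   = [int]$os.BuildNumber
    # Update Build Revision: rises with every cumulative update, so it still
    # tells you the patch level when a later update has superseded $KbId.
    $ubr     = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').UBR
    # Windows 10 version 1903 is build 18362; the article scopes the update to 1903 and newer.
    $inScope = $build -ge 18362
    $hotfix  = Get-HotFix -Id $KbId -ErrorAction SilentlyContinue
    $reboot  = Test-PendingReboot

    $status = if (-not $inScope)      { 'NotApplicable' }
              elseif (-not $hotfix)   { 'Missing' }          # confirm against UBR before re-deploying
              elseif ($reboot)        { 'InstalledPendingReboot' }
              else                    { 'Installed' }

    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        Build         = $build
        UBR           = $ubr
        KbId          = $KbId
        RebootPending = $reboot
        Status        = $status
    }
}

Get-PatchStatus -KbId $KbId
```

A device reported as `Missing` may still be covered by a newer cumulative update, so compare its `UBR` with the revision the advisory lists before counting it as unpatched.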
If you want to know more about how we can help identify and act on risks, and track developments, get in touch.
Visit our COVID-19 Enterprise IT resource page where you can sign up for more blog posts, and live and on-demand webinars
CTGlobal is an IT consultancy and development company focused on cloud, data center, security and enterprise client management. The corporate HQ is based in Denmark with offices in Norway, Estonia and the United States. The company was founded in 1999.
CTGlobal is Microsoft Gold Partner in Windows and Devices; Cloud Platform; Cloud Productivity; Datacenter; and Enterprise Mobility Management, and our experts speak and teach at leading international seminars and conferences.
CTGlobal helps enterprises maximize return on their investments in Microsoft Systems Management and cloud platform solutions, by visualizing threats to compliance, security and performance in their IT infrastructure, and prioritizing tasks and resources accordingly. CTGlobal is renowned for expert solutions and recognized as leaders in the field of management technology and infrastructure visualization.
About Kent Agerlund:
CTGlobal Founder and Principal Consultant
Enterprise Client Management MVP & Microsoft Regional Director.
Microsoft Certified Trainer and Author.
Specialties: System Center Configuration Manager, Microsoft Enterprise Mobility + Security suite and Microsoft Cloud technologies
Kent Agerlund frequently gives keynotes at top industry events, leading community groups and local initiatives around the world, and delivers webinars.