BLOG POST by Kent Agerlund. CTGlobal Founder and Principal Consultant. Microsoft Regional Director and MVP.

January 16, 2020.

Spot which of your systems are affected by the latest critical vulnerability in Windows Clients and Servers – and whether your fixes work!

This week, the National Security Agency disclosed a critical vulnerability affecting Windows 10 and Windows Server 2016/2019, as well as applications that rely on Windows for trust functionality.

According to the NSA:
“Exploitation of the vulnerability (CVE-2020-0601) allows attackers to defeat trusted network connections and deliver executable code while appearing as legitimately trusted entities” (…)

“The consequences of not patching the vulnerability are severe and widespread. Remote exploitation tools will likely be made quickly and widely available. Rapid adoption of the patch is the only known mitigation at this time and should be the primary focus for all network owners.” (…)

“NSA recommends installing all January 2020 Patch Tuesday patches as soon as possible to effectively mitigate the vulnerability.” (…)

“Applying patches to all affected endpoints is recommended, when possible, over prioritizing specific classes of endpoints.”

“In the event that enterprise-wide, automated patching is not possible, NSA recommends system owners prioritize patching endpoints that provide essential or broadly relied-upon services.”

How do you know where the vulnerability is?
Disclosures of critical vulnerabilities in prevalent systems set a lot of wheels in motion internally. And quite rightly so. Risk management includes identifying the organization’s weaknesses and devising a mitigation strategy – a strategy that prioritizes the systems most critical to corporate security.
The trouble in most organizations is identifying exactly which systems – down to device level – are in the danger zone for a particular vulnerability. It is quite difficult to establish exactly where the pain points are, because the infrastructure is riddled with blind spots – connections and dependencies that make it difficult to obtain full visibility and prioritize accordingly.

This challenge is well-known in organizations of all shapes and sizes. And that is why we recommend to our customers that they set up widgets (see image above) in their Insight Analytics™ dashboard to identify:

1) Which systems are in fact affected by the specific vulnerability.
2) Which systems are successfully patched, and which systems are not.

Having the threat visualized like this is hugely helpful to your mitigation strategy. You can see where to focus your efforts, verify whether patches are deployed successfully, and spot and revisit the systems where mitigation failed. Finally, you are also able to document your compliance once the dust settles.

I hope you found this interesting – get in touch if you want to know more about how Insight Analytics™ can help you in your risk management efforts and strengthen your overall security posture.

You can read the NSA’s detailed description of the vulnerability and recommendations for mitigation, here
And find the vulnerability in the National Vulnerability Database, here
And read more in Microsoft’s response center, here

About CTGlobal:
CTGlobal is an IT consultancy and development company focused on cloud, data center, security and enterprise client management. The corporate HQ is based in Denmark with offices in Norway, Estonia and the United States. The company was founded in 1999.
CTGlobal is a Microsoft Gold Partner in Windows and Devices; Cloud Platform; Cloud Productivity and Datacenter, and our experts speak and teach at leading international seminars and conferences.
CTGlobal helps enterprises maximize return on their investments in Microsoft Systems Management and cloud platform solutions by visualizing threats to compliance, security and performance in their IT infrastructure and prioritizing tasks and resources accordingly. CTGlobal is renowned for expert solutions and recognized as leaders in the field of management technology and infrastructure visualization.

About Kent Agerlund:
CTGlobal Founder and Principal Consultant
Enterprise Client Management MVP & Microsoft Regional Director.
Microsoft Certified Trainer and Author.
Specialties: System Center Configuration Manager, Microsoft Enterprise Mobility + Security suite and Microsoft Cloud technologies
Kent Agerlund frequently gives keynotes at top industry events, leading community groups and local initiatives around the world, and delivers webinars.
See some of Kent’s recent activities here, and follow him on Twitter and LinkedIn.