This week, the National Security Agency disclosed a critical vulnerability affecting Windows 10 and Windows Server 2016/2019, as well as applications that rely on Windows for trust functionality.
According to the NSA:
“Exploitation of the vulnerability (CVE-2020-0601) allows attackers to defeat trusted network connections and deliver executable code while appearing as legitimately trusted entities” (…)
“The consequences of not patching the vulnerability are severe and widespread. Remote exploitation tools will likely be made quickly and widely available. Rapid adoption of the patch is the only known mitigation at this time and should be the primary focus for all network owners.” (…)
“NSA recommends installing all January 2020 Patch Tuesday patches as soon as possible to effectively mitigate the vulnerability.” (…)
“Applying patches to all affected endpoints is recommended, when possible, over prioritizing specific classes of endpoints.”
“In the event that enterprise-wide, automated patching is not possible, NSA recommends system owners prioritize patching endpoints that provide essential or broadly relied-upon services.”
How do you know where the vulnerability is?
Disclosures of critical vulnerabilities in prevalent systems set a lot of wheels in motion internally. And quite rightly so. Risk management includes identifying the organization’s weaknesses and devising a mitigation strategy – a strategy that prioritizes the systems most critical to corporate security.
The difficulty in most organizations is identifying exactly which systems, down to device level, are in the danger zone for a particular vulnerability. It is hard to establish exactly where the pain points are, because the infrastructure is riddled with blind spots: connections and dependencies that make it difficult to obtain full visibility and prioritize accordingly.
This challenge is well known in organizations of all shapes and sizes. That is why we recommend to our customers that they set up widgets (see image above) in their Insight Analytics™ dashboard to identify:
1) Which systems are in fact affected by the specific vulnerability.
2) Which systems are successfully patched, and which systems are not.
Having the threat visualized like this is hugely helpful to your mitigation strategy. You can see where to focus your efforts, verify that patches are deployed successfully, and spot and revisit the systems where mitigation failed. Finally, you are also able to document your compliance once the dust settles.
I hope you found this interesting – get in touch if you want to know more about how Insight Analytics™ can help you in your risk management efforts and strengthen your overall security posture.
You can read the NSA’s detailed description of the vulnerability and recommendations for mitigation, here
And find the vulnerability in the National Vulnerability Database, here
And read more in Microsoft’s response center, here