Comprehensive Software Reviews to make better IT decisions
Microsoft Troubles Continue; Zero-Day Vulnerability Places Windows Users at Risk
Reported by Microsoft on January 17, the company admitted to another vulnerability in the older versions of its Windows products. A vulnerability in the remote code execution (RCE) was found in the scripting engine of Internet Explorer (IE). The vulnerability applies to all versions of IE on Windows, which can corrupt memory so that attackers can execute arbitrary code. Programs include Internet Explorer and Windows Server 2008 through to Windows 2018.
Source: Microsoft Windows 7 Download at Microsoft, updated January 2020
The vulnerability works so that an attacker could execute code in the context of the current user – meaning that a hacker could gain the same user rights as the current user on the system. “If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system.” This would allow them to then install malicious programs, delete data, or create new accounts remotely. Microsoft further explained the attack method would most likely be “a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website, for example, by sending an email.”
Microsoft is aware of limited targeted attacks that have already taken advantage of this vulnerability. However, a patch won’t be released until next month’s Patch Tuesday. Internet Explorer and older versions of Windows still have a high user rate among businesses. Windows 7 has the second largest market share of all desktop operating systems at 32.74%. This user rate is only beaten by its successor, Windows 10 at 47.65%. This means devices are using unsupported Windows 7 today. These devices are currently an extreme security risk.
One solution is to simply use another browser. For businesses that are unable to move away from the old Internet Explorer and Servers for operational reasons, there are some additional mitigation factors they could consider. Running the programs in a restricted mode will reduce the chance of malicious content from being able to make changes on the devices. ØPatch has created a temporary micro patch to address the problem to use as a stopgap until Patch Tuesday. Users of Windows 7 and older Windows products should be vigilant against any unsolicited emails that may be attempting to direct you to a malicious site.
Want to Know More?
Since its acquisition of Rsam in 2019, Galvanize (formerly ACL) has maintained its high-quality delivery of cloud-based security, risk management, compliance, and audit software. Recognized as one of Canada’s Best Managed Companies, Galvanize’s comprehensive product offerings have not gone unnoticed.
GTB Technologies has been recognized as “Best Data Loss Prevention Solutions Provider for 2020.” With organizations addressing digital transformation and a growing remote workforce, the risk of data breaches is increased from both insider and outsider perspectives.
SC Media had its recent 2020 SC Awards Honored in the U.S. event and has awarded Qualys recognition for Best Vulnerability Management Solution in the “Trust Awards” category.
RSA Archer, a leader in the governance, risk, and compliance space has been acquired by Symphony Technology Group, based in Palo Alto, California. Symphony, a private equity firm, has investments in a cross section of companies in the analytics space, HR and recruitment, and supply chain among many others.
Qualys announced its new flagship product, Qualys VMDR, at RSA Conference 2020. According to the Qualys website, VMDR will be available after March 30, 2020.
There is a vulnerability at the layer 2 Wi-Fi encryption level called Kr00k (formally CVE-2019-15126 in the NIST National Vulnerability Database) affecting Broadcom and Cypress Semiconductor Wi-Fi devices.
Microsoft’s end-of-life support for Windows 7 has run into its first set of issues with its extended security updates (ESUs). Administrators who paid for the ESU found out their downloads are not applying.
Qualys’ newest product, VMDR (Vulnerability Management, Detection, and Response), will be available in March and will provide an all-in-one cloud-based solution for vulnerability management. VMDR will automate the entire management cycle on all endpoints.
Startup security vendor SECURITI.ai wins RSAC “Most Innovative Startup” at the RSA Conference 2020 Innovation Sandbox Contest.