Microsoft’s June Patching have amounted to a total of 50 vulnerabilities (and we’re just half way through). Is your business safe?
Because cyber criminals have continued to hack into business networks through un-patched Windows operating systems, making sure that you have tested patched software across your entire network may be the difference between getting a data breach or ransomware attack and being safe.
So far June seems like a month that may bring a slew of new attack vectors into play, arming cyber criminals with additional ways they’ll be able to hack onto your network and ransom your data. To date, Microsoft released a patch update addressing 50 newly found vulnerabilities.
So far, none of these security holes seem to have been exploited, but with growing advertisement of their existence, cybersecurity experts fear that vulnerabilities will become risky business if your IT Support doesn’t have a plan to address the recent patch updates.
Why should you care about these recent updates?
One of the fifty vulnerabilities is a use-after-free issue, allowing attackers to inject code to compromise your network if they are able to convince your user to open a web page or file. The file or web page could look nearly identical to an official Microsoft popup and has the potential to drastically increase the volume of business cyberattacks in Q3.
The list of critical security vulnerabilities also includes CVE-2018-8225, which impacts a Windows DNS component. You can essentially think of DNS as the phone book of the internet. With the 8225 vulnerability, an attacker is able to execute code in a local account from a malicious DNS server and could be able to send specific targeted responses to and from your system. This means that if you don’t patch this vulnerability, you may be opening doors to malicious traffic going across your network (a different way you may be unknowingly trafficking pornography).
Another vulnerability Windows is addressing in the recent June update is CVE-2018-8251, which makes it possible to exploit Windows Media applications and target users to open malicious documents or go to malicious websites. If your user clicks either onto the web page or opens the document, they would probably infect their machine with a virus that likely would spread throughout your network. By utilizing Microsoft vulnerabilities like 8251, cyber criminals are taking phishing to a whole new level—one that doesn’t rely on email! (Something your annual cybersecurity training overlooked or under-emphasized).
Another of the 50 vulnerabilities is a security vulnerability affecting HTTP protocol—a protocol for transferring files and media across the internet. In essence, this vulnerability allows for remote code execution by sending a specific code packet to a targeted server.
Last but not least, another serious vulnerability fix released in Microsoft’s latest patch updates is one that affects privileged escalation. For Windows 10 machines, Cortana can actually assist criminals hacking into a computer on your network. The flaw, related to recent classified research, allows someone with physical access to a machine to gain console access through Cortana voice commands (note: for this exploit to work, your computer would need to have Cortana enabled).
How can you make sure your patches are being applied regularly and are actually working?
Get a health check—one of the easiest ways to evaluate whether your IT Solution is doing what they say they’re doing is by getting a second opinion. If they are patching your machines regularly, these vulnerabilities should already be resolved on your network. But if they aren’t, you may be at risk of severe data exposure, cyberattacks, and network disasters.
Consider getting a free second opinion for a network security assessment (Call us to set up a no-obligation network assessment to evaluate how patches are being applied across your network).
