BlueKeep, Or, A Tale of Patches and Plug-Ins

One of the most important things you can do to keep your company’s networks safe is to install patches and updates as soon as they are available. Many attacks exploit known vulnerabilities for which a fix exists but simply has not been applied at the victim’s site.

A recent example comes from Microsoft’s Remote Desktop Services. Microsoft’s advisory for CVE-2019-0708 (aka BlueKeep), released in May 2019, describes a very serious vulnerability in the Remote Desktop Protocol (RDP) service on Windows 7, Windows Server 2008 and 2008 R2, and the out-of-support Windows XP and Server 2003 (Windows 8 and later are not affected). The flaw is “pre-authentication,” meaning an attacker who can reach the RDP port can trigger it without valid credentials, and it requires no interaction from the user. That combination is what makes it “wormable”: malicious code can exploit the vulnerability and propagate from computer to computer on its own. Worms have the potential to spread incredibly quickly. For example, the 2017 WannaCry ransomware attack hit over 200,000 computers within a few days before a way was found to stop it. Yet early internet-wide scans indicated that close to a million systems with RDP exposed to the internet remained unpatched several weeks after the fix came out.

One challenge for companies is that while the IT professionals in the office are likely to be conscientious about patching and updating company systems promptly, users in the field are notoriously slow to install updates. End users may ignore or simply not notice emails from a software vendor or the IT department asking them to install a patch or an upgrade. Alternatively, they may not think it is important, or they may put it off for a more convenient time. Yet it is the job of your IT team to make sure all security patches and updates are installed promptly, on every machine.

What can you do to protect yourself from lazy or unaware end users?

You can try exhorting users to update promptly. Some users will; many won’t. A better solution is to virtualize and centrally manage desktops and applications wherever possible, so that trained professionals can enforce proper IT hygiene. By minimizing the amount of locally installed software, and the reliance on end users to patch their own systems and software, you remove a significant infection vector and dramatically improve your organization's security posture (see our post on Virtual Computing as a Security Solution).

One of the best practices in securing virtual computing implementations is to use a clientless solution, so you don’t have to worry about whether or not end users are updating the client software promptly, either. For example, solutions such as Ericom AccessNow and Ericom Connect provide clientless access to hosted resources from any device equipped with an HTML5-compatible browser, with no plugins or client-side configuration needed. There are several advantages to this approach:

  • Better security, as there are no extra plugins or configuration files on the end user device that could carry exploitable vulnerabilities.
  • Fewer helpdesk calls about a remote access client that stopped working because the user never installed a required update.
  • Happier users, with fewer complaints about the hassles or performance degradation that client software brings.

Of course, a clientless virtual computing solution is not a panacea that solves all your problems. A vulnerability such as the one described here could still be exploited on the server side; in fact, centralizing desktops on Remote Desktop Services hosts makes patching those hosts, keeping their RDP ports off the public internet, and requiring Network Level Authentication (which Microsoft lists as a partial mitigation for BlueKeep, since an attacker then needs valid credentials before reaching the vulnerable code) all the more important. The browser that replaces the client still needs to be kept current too, though that is one program to patch rather than many. Moreover, there are many other attack vectors that must be secured, most significantly email and web browsing. Nonetheless, this approach helps minimize the human factor as a security risk and frees up IT staff to focus on securing critical infrastructure, rather than trying to manage and patch hundreds or thousands of endpoint devices. Even better, a virtual client computing model can also offer significant cost savings.
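
For the server-side check, here is an added example (not code from the original post or from Ericom) that audits a Windows host for the conditions that make it a BlueKeep target: an affected release, Remote Desktop enabled and listening, Network Level Authentication off, and no fix installed. It assumes PowerShell 3.0 or later and that you supply the KB numbers of the May 2019 fix for the host's exact build, taken from Microsoft's advisory; the $FixKBs parameter and the Test-BlueKeepExposure function name are this example's own, not Microsoft's.

```powershell
# Added example, not code from the original post or from Ericom: audit one
# Windows host for the server-side BlueKeep (CVE-2019-0708) conditions
# discussed above. Run in an elevated PowerShell 3.0+ session on the host.
# $FixKBs is an assumption: supply the KB numbers of the May 2019 update for
# this host's exact OS build, taken from Microsoft's advisory.
param(
    [string[]]$FixKBs = @()
)

function Test-BlueKeepExposure {
    param([string[]]$FixKBs)

    $r = [ordered]@{}

    # 1. Is this an OS release the advisory lists as affected? Windows 7 and
    #    Server 2008 R2 report version 6.1, Server 2008 is 6.0, and XP / 2003
    #    are 5.x; Windows 8 (6.2) and later are not affected.
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    $r.OSVersion = $os.Version
    $major, $minor = ($os.Version.Split('.')[0..1] | ForEach-Object { [int]$_ })
    $r.AffectedRelease = ($major -lt 6) -or ($major -eq 6 -and $minor -le 1)

    # 2. Is Remote Desktop enabled? fDenyTSConnections = 0 means connections
    #    are allowed.
    $tsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $r.RDPEnabled = ((Get-ItemProperty -Path $tsKey).fDenyTSConnections -eq 0)

    # 3. Is something listening on the default RDP port? netstat is used
    #    rather than Get-NetTCPConnection because the latter does not exist
    #    on Windows 7.
    $r.ListeningOn3389 = [bool](netstat -an |
        Select-String -Pattern ':3389\s+\S+\s+LISTENING')

    # 4. Is Network Level Authentication required on the RDP-Tcp listener?
    #    NLA is the partial mitigation from the advisory: with it on, the
    #    attacker needs valid credentials before reaching the vulnerable code.
    $listener = Get-CimInstance -Namespace 'root\cimv2\TerminalServices' `
        -ClassName Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'"
    $r.NLARequired = ($listener.UserAuthenticationRequired -eq 1)

    # 5. Is any of the supplied fix KBs installed? Get-HotFix reads
    #    Win32_QuickFixEngineering, so pass both the security-only and the
    #    monthly-rollup KB numbers if your build ships the fix in either.
    $installed = Get-HotFix | Select-Object -ExpandProperty HotFixID
    $r.FixInstalled = @($FixKBs | Where-Object { $installed -contains $_ }).Count -gt 0

    # Verdict: an affected release with RDP on and no fix is the worm's
    # target; a listener with NLA off makes it reachable without credentials.
    $r.Vulnerable = $r.AffectedRelease -and $r.RDPEnabled -and -not $r.FixInstalled
    $r.ReachablePreAuth = $r.Vulnerable -and $r.ListeningOn3389 -and -not $r.NLARequired

    [pscustomobject]$r
}

Test-BlueKeepExposure -FixKBs $FixKBs | Format-List
```

Run it elevated on each Remote Desktop Services host, passing the KB numbers from the advisory. A host reporting Vulnerable = True needs the update before anything else; ReachablePreAuth = True means an unauthenticated worm can hit it as it stands, so turn on NLA and take the listener off the internet while the patch is being rolled out.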


Contact us today to learn how Ericom can help you improve your organization's security posture, even in complex and hard-to-manage IT environments.

Author: James Lui, VP of Product Management, Ericom Software
