In a new report, the Cybersecurity and Infrastructure Security Agency (CISA) urged organizations to install critical patches recently released by Microsoft to address vulnerabilities identified in Windows.
Three key vulnerabilities have been identified that could allow attackers to decrypt, modify or inject new data on user connections:
- A spoofing vulnerability in Windows CryptoAPI (Crypt32.dll)
- A remote code execution vulnerability in Windows Remote Desktop Server
- A remote code execution vulnerability in Windows Remote Desktop Client
If the patches for these vulnerabilities are not installed, organizations risk a network intrusion. An intrusion could result in the temporary or permanent loss of sensitive or proprietary information, disruption of regular operations, financial losses relating to restoring files and systems, and potential harm to the organization’s reputation.
According to the official report, “The Cybersecurity and Infrastructure Security Agency (CISA) is unaware of active exploitation of these vulnerabilities. However, because patches have been publicly released, the underlying vulnerabilities can be reverse-engineered to create exploits that target unpatched systems. CISA strongly recommends organizations install these critical patches as soon as possible—prioritize patching by starting with mission critical systems, internet-facing systems, and networked servers.”
Is your software up to date? Do you have security measures in place to prevent cyber-attacks? PacStates can help! To learn more about how to prevent network intrusions, contact us today!
To read the full CISA report on Windows OS vulnerabilities, click here.