Do you WannaCry some more? Microsoft warns to patch your device
Two years ago, the WannaCry ransomware attack targeted Microsoft Windows users, most of whom had not patched their systems or were using systems that were past end-of-life. Microsoft released emergency patches within a few days, but not before the attack reached more than 200,000 computers in 150 countries, including manufacturers, universities, hospitals, airlines, and more. Economic losses from the attack were estimated to be in the hundreds of millions of dollars. Cyber risk modeling firm Cyence estimated the costs to be as high as $4 billion.
Last month, Microsoft warned of a vulnerability which, if exploited, could allow for the propagation of malware similar to the WannaCry attacks. Systems impacted by this vulnerability (called CVE-2019-0708) include Windows 2003, Windows XP, Windows 7 and Windows Vista. These have been unsupported for some time now, but Microsoft has made the patch available to users now in the face of this threat. Microsoft's announcement of the CVE-2019-0708 vulnerability set off a race between organizations seeking to patch and hackers seeking to exploit. On June 4th the National Security Agency (NSA) released an advisory urging Windows users to patch this recently discovered critical wormable BlueKeep RCE vulnerability in Remote Desktop Services.
Up to a million computers or more are at risk and Simon Pope, the director of incident response at Microsoft, has said that they "strongly advise that all affected systems should be updated as soon as possible."
If you need help assessing your environment to find out if this vulnerability could impact the security of your systems and data, contact us.