On May 14, 2019, Microsoft released a patch for a ‘wormable’ vulnerability in Windows that is comparable to the vulnerability attackers exploited in the WannaCry ransomware attacks of May 2017.
The flaw is a remote code execution vulnerability in Remote Desktop Services – formerly Terminal Services – that is exploitable via RDP.
To exploit the CVE-2019-0708 vulnerability, an attacker could send specially crafted requests via RDP to an insecure network. No authentication is needed, and the vulnerability could be exploited without user interaction.
Exploitation of the vulnerability could allow malware to spread from one infected computer to other vulnerable computers on the same network. With ransomware as the payload, an attacker could encrypt a healthcare company's files on a large scale and interrupt operations.
Microsoft has not yet received any reports of active exploitation of the vulnerability. Nonetheless, it is likely that this vulnerability will be exploited and bundled into malware.
Windows 8 and Windows 10 are not affected by the vulnerability. Only the earlier versions of Windows are affected. Even so, the healthcare industry is concerned about the vulnerability because many healthcare companies still run the earlier operating systems.
Microsoft has issued patches for Windows 7, Windows Server 2008 R2, Windows Server 2008, Windows XP and Windows 2003. Companies that use these operating systems but can’t apply the patch can opt for the workaround: block TCP port 3389 and enable Network Level Authentication to prevent exploitation of the vulnerability. Those that can apply the patch must do so as soon as it is available.
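The workaround above can be checked and applied per host. The script below is an added example, not code from Microsoft or from this article; it assumes an elevated PowerShell 2.0 or later prompt on Windows 7, Server 2008 or Server 2008 R2, and the `-Apply` switch and the firewall rule name are constructed for this example.

```powershell
# Added example: audit (default) or apply (-Apply) the CVE-2019-0708 workaround on one host.
# -Apply and $ruleName are assumptions of this example, not Microsoft-defined names.
param([switch]$Apply)

$tsKey    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey   = "$tsKey\WinStations\RDP-Tcp"
$ruleName = 'Block-RDP-CVE-2019-0708'   # constructed rule name, no spaces

# fDenyTSConnections = 0 means Remote Desktop accepts connections.
$rdpEnabled = (Get-ItemProperty -Path $tsKey).fDenyTSConnections -eq 0
# UserAuthentication = 1 means Network Level Authentication is required.
$nlaEnabled = (Get-ItemProperty -Path $rdpKey).UserAuthentication -eq 1
# The listener port is configurable; 3389 is only the default.
$rdpPort    = (Get-ItemProperty -Path $rdpKey).PortNumber

# netsh exits non-zero when no rule with this name exists.
& netsh advfirewall firewall show rule "name=$ruleName" | Out-Null
$blockRule = ($LASTEXITCODE -eq 0)

if ($Apply) {
    if (-not $nlaEnabled) {
        # Require NLA so a session must authenticate before it reaches the RDP service.
        Set-ItemProperty -Path $rdpKey -Name UserAuthentication -Value 1
        $nlaEnabled = $true
    }
    if (-not $blockRule) {
        # A host firewall block rule overrides the built-in allow rule and cuts off
        # ALL inbound RDP to this machine, including administrators' sessions.
        # Blocking at the network edge is done on the perimeter firewall instead.
        & netsh advfirewall firewall add rule "name=$ruleName" dir=in action=block `
            protocol=TCP "localport=$rdpPort" | Out-Null
        $blockRule = ($LASTEXITCODE -eq 0)
    }
}

# Emit one object per host so results can be collected and exported to CSV.
New-Object PSObject -Property @{
    Computer        = $env:COMPUTERNAME
    RdpEnabled      = $rdpEnabled
    RdpPort         = $rdpPort
    NlaRequired     = $nlaEnabled
    InboundBlocked  = $blockRule
    StillExposed    = ($rdpEnabled -and -not $nlaEnabled -and -not $blockRule)
}
```

A host reported with `StillExposed = True` has RDP enabled with neither part of the workaround in place and should be patched or mitigated first.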
The 2017 WannaCry attacks succeeded because of slow patching: a lot of companies did not apply patches quickly enough. The WannaCry attacks happened in May, though the MS17-010 patch had been available since March. The attacks could have been averted if companies had applied the patch promptly.
WannaCry hit the UK’s National Health Service (NHS) hard. 33% of NHS Trusts and 8% of GP practices were affected. The NHS lost around £92 million and cancelled 19,000 scheduled consultations. The global cost associated with the WannaCry attacks is roughly $4 billion.
The results may be a lot worse if CVE-2019-0708 is exploited. The next malware variant may not have an easy kill switch as WannaCry did.
Aside from the wormable vulnerability, Microsoft addressed 21 more critical flaws, including one that was actively exploited and one that was announced publicly prior to the patch release. Patches were additionally issued to address a new type of vulnerability in Intel processors. A threat actor could use Microarchitectural Data Sampling (MDS) flaws to launch malware capable of obtaining sensitive data from virtual machines, applications, operating systems and trusted execution environments.