A new Windows vulnerability, exploited by cybercriminals

CVE (Common Vulnerabilities and Exposures) is a system that registers and provides information about known security vulnerabilities. According to CVE, 16,555 vulnerabilities have been discovered in the last year, of which over 25% are of high or critical severity. In fact, the number of vulnerabilities discovered each year has shot up in the last two years: 6,447 vulnerabilities were discovered in 2016; in 2017 that figure rose to 14,714.

Vulnerabilities in IT systems have played a decisive role in some of the most serious security incidents of the last few years. A vulnerability called EternalBlue was used to carry out attacks such as WannaCry, which affected over 300,000 companies all over the world, and cost a total of around $4 billion. The malware NotPetya, which came to light just a month later, was able to get onto systems thanks to this vulnerability, stealing passwords in order to take control of the network that it accessed. A piece of malware called Adylkuzz also made use of EternalBlue in order to download a series of commands onto infected computers, which were then used to generate and extract cryptocurrencies.

Vulnerabilities also had a hand in some of the most significant data breaches in history: Equifax suffered one such breach that affected 145 million people. This breach was made possible by a vulnerability in its web application framework. In September last year, almost 50 million Facebook accounts were exposed to an attack that was carried out using a vulnerability in the social network.

The vulnerabilities in Windows

Even such a robust operating system as Windows can’t escape the far-reaching problems that vulnerabilities pose. Last year, in September and October, two zero-day vulnerabilities were discovered in Windows 10. Both of these vulnerabilities allowed privilege escalation.

Now, on March 12 this year, a zero-day vulnerability was discovered that affected both Windows 8 and Windows 10. This vulnerability in the Microsoft Windows graphics subsystem allows a cybercriminal to introduce a piece of malware onto the computer, and thus take control of the device.

More worrying than the discovery of the vulnerability is the fact that it seems to have already been used by at least two threat actors in real attacks. One of these threat actors could be FruityArmor, a group of cybercriminals known for exploiting zero-day vulnerabilities.

Patch possible vulnerabilities

Microsoft has already launched a patch to fix this vulnerability, and it should be installed as soon as possible. Besides this, it is also a very good idea to make sure that all programs are fully updated in order to avoid possible security problems.

In order to streamline the process of searching for and applying patches that are vital for your company’s security, Panda Security has launched Panda Patch Management. Patch Management, a complementary module of Panda Adaptive Defense, audits, monitors, and prioritizes updates on operating systems and applications. When exploits or malicious programs are detected, it notifies you of pending patches. Installations are launched immediately, or scheduled from the console, isolating the computer if needed.

What’s more, Panda Adaptive Defense has another module that helps to keep your IT system safe: Panda Advanced Reporting Tool. This module automates the storage and correlation of the information related to process execution and its context extracted by Panda Adaptive Defense from endpoints. This way, Advanced Reporting Tool can generate security intelligence and provide tools that allow organizations to pinpoint attacks and unusual behaviors. This allows vulnerabilities that may exist in the company’s IT network to be detected early.

It is clear that vulnerabilities are a great risk for your company’s IT security. And if your company uses Windows 8 or 10, it is very likely that this latest vulnerability will directly affect you. As such, it is vital that you keep your systems updated at all times.
