The Microsoft Security Response Center says they’ve released a set of fixes for Windows TCP/IP implementation, including two Critical Remote Code Execution (RCE) vulnerabilities and a Denial of Service (DoS) vulnerability.
In a recent statement, the Center said the vulns were complex and hard to create into actual exploits.
“We believe attackers will be able to create DoS exploits much more quickly and expect all three issues might be exploited with a DoS attack shortly after release. Thus, we recommend customers move quickly to apply Windows security updates this month.”
More from the statement:
The DoS exploits for these CVEs would allow a remote attacker to cause a stop error. Customers might receive a blue screen on any Windows system that is directly exposed to the internet with minimal network traffic.
If applying the update quickly is not practical, workarounds are detailed in the CVEs that do not require restarting a server.
These three vulnerabilities are unique and require separate workarounds depending on the exposure of an affected system; however, they can be thought of in terms of Internet Protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6) solutions.
The Windows-maker says it “is essential” that Windows users apply the updates to address the vulnerabilities ASAP.
The statement says that they have no evidence that the vulns were known to any threat actor.
“It is important that affected systems are patched as quickly as possible because of the elevated risk associated with these vulnerabilities, and downloads for these can be found in the Microsoft Security Update Guide,” their statement says. “Customers who have automatic updates enabled are automatically protected from these vulnerabilities.”
Preventing computer vulnerabilities
If you or your department isn’t already taking these steps towards the prevention of computer-related vulnerabilities, it’s time to take action:
- utilize user access levels to determine who can access what
- establish strong, multifaceted network policies which include the use of “strong,” often-updated passwords, regular system updates, up-to-date antivirus software, and the prevention of unauthorized equipment connecting to the network
- a system to monitor network traffic
- “ethical hacker” penetration testing