My TechDecisions

IT Infrastructure, News

Microsoft Makes Security Updates Affecting Windows TCP/IP Implementation

Microsoft's security updates affecting TCP/IP implementation may not have been known to threat actors, but company strongly suggests updates ASAP.

Leave a Comment

Microsoft Data Center

The Microsoft Security Response Center says they’ve released a set of fixes for Windows TCP/IP implementation, including two Critical Remote Code Execution (RCE) vulnerabilities and a Denial of Service (DoS) vulnerability.

In a recent statement, the Center said the vulns were complex and hard to create into actual exploits.

“We believe attackers will be able to create DoS exploits much more quickly and expect all three issues might be exploited with a DoS attack shortly after release. Thus, we recommend customers move quickly to apply Windows security updates this month.”

More from the statement:

The DoS exploits for these CVEs would allow a remote attacker to cause a stop error. Customers might receive a blue screen on any Windows system that is directly exposed to the internet with minimal network traffic.

If applying the update quickly is not practical, workarounds are detailed in the CVEs that do not require restarting a server.

These three vulnerabilities are unique and require separate workarounds depending on the exposure of an affected system; however, they can be thought of in terms of Internet Protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6) solutions.

The Windows-maker says it “is essential” that Windows users apply the updates to address the vulnerabilities ASAP.

The statement says that they have no evidence that the vulns were known to any threat actor.

“It is important that affected systems are patched as quickly as possible because of the elevated risk associated with these vulnerabilities, and downloads for these can be found in the Microsoft Security Update Guide,” their statement says. “Customers who have automatic updates enabled are automatically protected from these vulnerabilities.”

Preventing computer vulnerabilities

If you or your department isn’t already taking these steps towards the prevention of computer-related vulnerabilities, it’s time to take action:

  • utilize user access levels to determine who can access what
  • establish strong, multifaceted network policies which include the use of “strong,” often-updated passwords, regular system updates, up-to-date antivirus software, and the prevention of unauthorized equipment connecting to the network
  • a system to monitor network traffic
  • ethical hacker” penetration testing

 

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *

Get the FREE Tech Decisions eNewsletter

Sign up Today!

Latest Downloads

Introducing the IT Pro MBA: Vetting Technology

At some point in your career there is going to come a time when you are tasked with reviewing and vetting new tech to implement into your company. ...

9 Technology Products to Help Combat COVID-19 Spread in the Workplace

As the Coronavirus continues on and leads us further into uncertainty, the question remains, “when do we return to the office?” For some the answer...

Top 9 Reasons Enterprise IT Leaders Are Moving Their Video Surveillance to the Eagle Eye Cloud

Working in IT has enough challenges without adding in the complications of surveillance video. Things like total cost of maintenance, how the VMA m...

View All Downloads

Would you like your latest project featured on TechDecisions as Project of the Week?

Apply Today!
Sharp Microsoft Collaboration HQ Logo

Learn More About the
Windows Collaboration Display

More from Our Sister Publications

Get the latest news about AV integrators and Security installers from our sister publications:

Commercial IntegratorSecurity Sales