Proudly serving Virginia, Maryland and DC // Call us today! 703.396.6120
V2 SystemsV2 Systems

by Erik Briceno

Do you remember WannaCry? Two years ago, it was arguably the most destructive cyberworm in history — shutting down hospitals, banks, transportation and shipping companies. Perhaps one of the most baffling things of all, though, is the fact that WannaCry didn’t exist until two months AFTER Microsoft had already released a patch that would fix the very vulnerability the worm took advantage of.

Now, in 2019, the same thing is happening again with a vulnerability known as BlueKeep. This security risk is so severe that not only did Microsoft update Windows 10, they even went out of their way to patch its depreciated operating systems: Windows 2003, Windows XP and Windows Vista. The critical update was released weeks prior to the writing of this article.

Despite this, almost 1 million internet-connected computers remain vulnerable to the attacks.

 

The Specifics of BlueKeep

The vulnerability that BlueKeep refers to lies within what’s called the Remote Desktop Protocol, or RDP. It’s a system that allows someone to connect to another computer and operate it remotely as though they were sitting at the desk themselves — think screen sharing, but fully interactive. The problem isn’t exactly with RDP itself, but rather when two vulnerable computers connect to each other in this manner. If one of those computers were infected with something, it would spread. And the kicker is, RDP is built in by default, so it doesn’t matter if a user “wants” to use it or not. The protocol for it is there. RDP servers are built into Windows operating systems, even if the user hasn’t installed the software for making use of it. A nasty worm could exploit this vulnerability, and it’s the vulnerability itself that’s called BlueKeep.

 

Responsibility and Liability

“Please Patch Your Windows. Pretty Please?” - MicrosoftThere often comes a point where a business’s action or inaction causes harm to an individual. In the case of cybersecurity vulnerabilities like this one though, everyone is harmed. If nothing else, Microsoft has at least done their part to address and fix the issue before a malicious actor could take advantage of it. But users must do their part, too. If you’re running a business and you refuse to patch or are simply in the dark about how and when to do so, you could be opening yourself up to a plethora of legal liability — not to mention the possible destruction of your entire enterprise, the security of your employees, your clients and customers, and on and on.

These are not scare tactics designed to frighten you into hiring us. They’re uncomfortable truths packaged together with all-too-relevant social responsibility. Even if you DON’T hire us, please, patch your Windows.

Pretty please?

 

Since 1995, Manassas Park, VA-based V2 Systems has employed local systems administrators, network engineers, security consultants, help desk technicians and partnering companies to meet a wide range of clients’ IT needs, from research, to implementation, to maintenance. Concentrate on your VISION…We’ll handle the TECHNOLOGY!

 

ebriceno
About ebriceno
Erik Briceño is the owner of V2 Systems, Inc., one of Northern Virginia’s leading Information Technology Managed Service Providers. He is an inspiring leader for its employees and instrumental business partner for its customers. He is passionate about V2’s purpose, dedicated to exceeding expectations and a consummate professional not afraid of jumping in and getting his hands dirty. Prior to joining V2 Systems in 2002, Erik was a co-founder and COO of Ampcast.com, a leading provider of online resources servicing over 5,000 independent musical artists. At Ampcast.com, Erik spearheaded all aspects of corporate development, funding, strategic vision, and business development for the firm. From 1997 to 1999 Erik held the position of Acoustic Systems Engineer for Electric Boat Corporation, a leading defense contractor. In this role, Erik was responsible for the acoustic fidelity of two noise critical systems and components in the US Navy’s nuclear submarine systems. Erik holds a B.S. in Mechanical Engineering from Vanderbilt University and a Masters of Business Administration from George Mason University. When not working, you will find Erik a dedicated family man, raising two young children with his lovely wife Karen. Together, they enjoy building legos, playing baseball, skiing, riding horses, swimming, traveling, and fixing up old Mopars.
“Please Patch Your Windows. Pretty Please?” – Microsoft