In June 2007, Microsoft released a pack of 4 critical patches:
- MS08-067 (Remote-Code Execution in Server Service [KB958644])
- MS10-061 (Remote-Code Execution in Print Spooler Service [KB2347290])
- MS17-010 (Remote-Code Execution in SMB Server Service [KB4012598])
- MS17-013 (Remote-Code Execution in Microsoft Graphics Component [KB4013075])
These patches all address remote attacks that exploit a service on a device in order to take control of the PC. Some of these patches are historic (such as KB4012598), but they have been included in the pack because they relate to vulnerabilities that were recently disclosed to the public (mainly from the NSA exploit breach).
Microsoft have also stated that administrators will want to install these updates manually, as they may not be received via the automated Windows Update service. Because of this, the patch pack will need to be downloaded from Microsoft’s website and manually applied to all affected devices.
The affected devices are as follows:
| OS | MS08-067 | MS10-061 | MS17-010 | MS17-013 |
|---|---|---|---|---|
| Windows Server 2003 | Y | Y | Y | Y |
| Windows Server 2008 + R2 | Y | Y | Y | Y |
| Windows Server 2012 + R2 | - | - | Y | Y |
| Windows Server 2016 | - | - | Y | Y |
As shown, the main vulnerable OS versions range from Windows XP to Windows Server 2008 and 2008 R2. These are older systems, but many organisations still have not upgraded their computers to newer versions of Windows. Because these older OS versions remain common, it is extremely important that these patches are applied to the devices.
The MS17-013 update is equally important to install on more recent versions of Windows, as it affects the following software:
- Office 2007 SP3 and Office 2010 SP2
- Skype for Business 2016, Lync 2013 SP1 and Lync 2010
- Silverlight 5
If any device is running a version of this software, it is vitally important to get the MS17-013 patch installed, as these programs are vulnerable to remote code execution.
Overall, these 4 patches should be immediately pushed out to all vulnerable devices to deter any remote attacks. They should be manually installed on each device, followed by a reboot to ensure the machine is properly protected.
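Because the updates are installed by hand, it is worth confirming afterwards which machines actually have them. The script below is an added example, not something from Microsoft or from the original post: it checks each host for the four KB numbers listed above using the built-in `Get-HotFix` cmdlet. The `$Computers` parameter and the `Get-MissingPatch` function name are assumptions made for illustration.

```powershell
# Added example: report which of the four KBs named in this post are absent.
# $Computers is a hypothetical host list; pass your own inventory instead.
param([string[]]$Computers = @($env:COMPUTERNAME))

# KB -> bulletin mapping, exactly as listed in the post.
$Required = @{
    'KB958644'  = 'MS08-067'
    'KB2347290' = 'MS10-061'
    'KB4012598' = 'MS17-010'
    'KB4013075' = 'MS17-013'
}

function Get-MissingPatch {
    param([string]$Computer)
    try {
        # Every hotfix ID the host reports (Get-HotFix reads Win32_QuickFixEngineering).
        $installed = @(Get-HotFix -ComputerName $Computer -ErrorAction Stop |
                       ForEach-Object { $_.HotFixID })
    } catch {
        # Unreachable host or access denied: report as unknown, never as patched.
        return New-Object PSObject -Property @{
            Computer = $Computer
            Status   = 'UNKNOWN'
            Missing  = $_.Exception.Message
        }
    }

    # KBs from the list that the host did not report as installed.
    $missing = @($Required.Keys |
                 Where-Object { $installed -notcontains $_ } |
                 Sort-Object |
                 ForEach-Object { "$_ ($($Required[$_]))" })

    $status = 'OK'
    if ($missing.Count -gt 0) { $status = 'MISSING' }

    New-Object PSObject -Property @{
        Computer = $Computer
        Status   = $status
        Missing  = ($missing -join ', ')
    }
}

$Computers | ForEach-Object { Get-MissingPatch $_ } |
    Select-Object Computer, Status, Missing |
    Format-Table -AutoSize
```

Hosts marked "-" in the table above will list those KBs as missing, which is expected. `Get-HotFix` matches on the exact KB ID only, so a host patched through a different update package will also show as missing and needs a manual check.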
Why am I highlighting this?
Basically, it’s because for the 2nd month in a row Microsoft have released patches for operating systems that are out of support.
Why would they do this again? Well, it’s my gut feeling that MS are aware that, due to the NSA leaks, these vulnerabilities will be targeted by malware in the coming weeks and months. What do they know that we don’t?
That’s not a question we can answer, but what we can say is that if you are running XP or Server 2003 then getting these patches manually installed is vital. The next attack will come, and thankfully this time (unlike WannaCry) people will have had the chance to patch their legacy OSes before the attacks start. Let’s just hope they do!
If you do need any help or advice, please give us a call on 01923 537247, and I or one of my colleagues would be more than happy to assist.
Written by Fergus Martin, 1st line team leader.