A new vulnerability was just discovered in Microsoft's Windows operating system that affects systems from the last 17 years. The good news is: it probably doesn't affect you.
CVE-2020-1350, aka "SigRed" was published Tuesday, and made headlines by scoring a perfect 10/10 on the standard severity scale. The exploit allows attackers to compromise an entire network with little to no action from the computer users. Because this exploit is "wormable", once any computer on the network is compromised, a virus can spread to every computer in the office and install ransomware or otherwise wreak havoc.
The United States Cybersecurity and Infrastructure Security Agency (a division of the Department of Homeland Security) released Emergency Directive 20-03 today describing the critical fault, and outlining the steps necessary to ensure the security of American businesses.
Who it affects
The good news (if you can call it that) is that this vulnerability only affects business using Windows Server and Windows DNS. This means that home users need not worry, and no software updates for customer devices are required. Additionally, most of our business clients aren't using Microsoft's Server operating system, and therefore are safe as well. However, for our clients who are running Windows Server, rapid patching was necessary.
How we can help
We reached out to some existing clients that use Windows Server in their office, and arranged to patch their systems remotely less than 24 hours after the vulnerability was announced by Microsoft.
While most of our customers are unaffected by this issue, if you think your business might be vulnerable, or you have any other computer concerns, don't hesitate to contact us.