Category
Anti-VirusIn this week’s newsletter I told you the antivirus on every Windows machine had a hole. Here is the part that matters more than the flaw itself: whether the fix ever reached your machines, and why that gap, not the flaw, is what actually gets businesses robbed.
See Where Your Business Stands →
A plain A-to-F grade on your Windows PCs. No card needed to see it.
The problem: The one tool almost every business trusts without a second thought, Windows Defender, turned out to hold a master key to the whole machine. But this Windows Defender flaw is not really the story. The story is that a fix shipping in Redmond does nothing for the computer in your back office that nobody ever updates.
The straight answer: Small businesses almost never get robbed by some genius zero-day. They get robbed through a known hole with a fix nobody installed. Close the gap, on every machine, and you shut the door the crooks actually use. I will show you how, and exactly what we do about it.
Hey folks! Let me explain this Windows Defender flaw the way I would to a friend over coffee, because the plain version is scarier than the technical one. Windows Defender, which Microsoft now calls Microsoft Defender, is the antivirus built into every Windows computer. Researchers nicknamed this flaw RoguePlanet.
Here is the mechanic that matters. A real attack on your business is almost never one big kick through the front door. It is a chain. Step one, the crook gets a small foothold, a limited account, usually through a phishing email or an app nobody patched. On its own that foothold is not much. They are standing in the hallway, not the vault. Step two is where they need a way to go from “limited user” to “owns the entire machine,” and that is exactly what RoguePlanet handed them. It let an attacker use your own antivirus, the guard, to promote themselves to full control.
Sit with the irony for a second. The program whose entire job is to stop the break-in was the tool that would have handed over the master key. Full control means everything: read your files, install their own software, plant ransomware, and dig out the accounts your team logs into from that machine.
And this is not theoretical. A researcher already built a working demonstration of the attack and published it, so the blueprint is out in the open. Microsoft confirmed the problem on June 16 and did not ship the fix until July 9, about three weeks, while hundreds of millions of machines sat waiting. Defender is on by default on every modern Windows computer, so this was not a niche tool. It was the guard at almost every door in the country.
Now here is the insight almost every headline about a Windows Defender flaw misses. Vulnerabilities are normal. They are found and fixed every single week, and always will be. The flaw is not what gets you. The gap gets you, the window of time between the day a fix exists and the day your machines actually install it.
Microsoft’s gap was three weeks. June 16 to July 9. Bad enough.
Your business’s gap can be forever. A patch that shipped July 9 does nothing for the machine that has been powered off in the corner for two weeks, or the laptop a part-timer took home.
The crooks moved the moment the fix went public. This is the part people get backwards. A published patch is a treasure map. It tells every criminal exactly what the hole was and who has not closed it yet.
That is how ransomware crews actually work. They are not writing exotic new attacks. They are shopping from this month’s patch notes, scanning the internet for the machines still standing open.
So let me say the quiet part out loud. Your business will almost never be taken down by some brilliant zero-day nobody has seen. It will be taken down by a known hole with a fix nobody installed, which is just an unlocked door with a sign on it that says “unlocked.” The whole game is closing that gap fast, on every machine, and knowing you did.
Here is the opinion I have earned in more than 35 years of doing this. The most dangerous sentence in small business is “we have antivirus, we’re fine.” It feels like an answer. It is actually the reason so many businesses get hit, because it ends the conversation right where the real work starts.
Think about what this flaw just proved. The antivirus itself was the weak point. Leaning on Microsoft to secure Microsoft is a bit like the fox guarding the henhouse. And “built in” is a marketing phrase, not a promise. It means “good enough by default,” not “watched, maintained, and current on every machine you own.”
Real security is not a product you buy once and forget. It is a discipline, like changing the oil, and the whole discipline comes down to one boring question you probably cannot answer right now: which of my machines installed this month’s fixes, and which did not? If you cannot answer that, you do not have a security problem, you have a visibility problem, and you cannot close a door you cannot see.
That is the honest gap in most small businesses. Not a lack of tools, a lack of eyes. Your IT person, if you have one, updates Windows. Windows Update runs by default. But who is walking the whole fleet, every machine, confirming the fixes landed and the doors are shut? For most owners the true answer is nobody, and the crooks are counting on exactly that.
You do not need to wait for anybody. Three moves, no cost, and they close the door this week and start closing the gap for good.
1. Turn on automatic updates on every machine, not just your desk.
Every computer installs Windows updates automatically. Not “remind me later,” not “this weekend.” And do not stop at Windows, the same goes for Adobe Reader, your browsers, Zoom, and every other program, because Windows Update does not touch most of them. That one habit closes this Windows Defender flaw and a hundred quieter ones.
2. Count the machines you actually have, including the forgotten ones.
You cannot protect what you have not counted. List every computer in the business. The old back-office box and the take-home laptop count double, because they are the exact machines the fix never reaches and nobody is watching.
3. See your gap, in plain letters.
Run a Reveal scan on your Windows computers and get a grade, A to F, on each one, with the out-of-date programs and open doors laid out in plain English. In a few minutes you go from “I think we’re patched” to knowing exactly which machines are behind. It is the same first step most of the businesses I now manage took before they became clients.
My father fell for a phishing email. I have spent my whole career in this, and it still got him. Scammers got remote access to his computer and started hunting for his financial papers. My step-mother noticed something was off, called me, and I stopped them remotely before they reached his bank credentials. We caught it in time. And yes, his computer had antivirus. It did not matter, because the problem was never the antivirus, it was that nobody was watching the gap.
I have spent more than 35 years at this, since 1991. FBI InfraGard. Not one client I manage has ever been hit by ransomware, and it is not luck. It is that we keep the gap near zero on every machine and we are watching when the crooks come shopping from the patch notes. That is the difference between a product and a guide.
Maybe. Ask him one plain question: which machines installed this month’s patches, and which did not? Not “is updating turned on,” but “show me the list.” Windows itself usually gets done because it updates by default. The gap hides in the machine that was off for two weeks, the corner box running the label printer, the other 40-odd programs Windows Update never touches. Nobody notices those until one of them is the way in.
And if your fleet is genuinely in good shape, a scan tells you that in a few minutes. No scare tactics, just the letter grade.
No hand-waving. Here is exactly what you get:
Book a Fit Call →
A straight conversation about where you stand and whether we can help. That is it.
Want this kind of plain-English security news every week? Sign up for Craig’s Insider Notes at CraigPeterson.com.
#WindowsDefender #PatchManagement #SmallBusinessSecurity #Ransomware #ForwardToSafety
Join thousands of security professionals who receive Craig Peterson's Insider Show Notes and cybersecurity updates.
Join 10,000+ cybersecurity professionals