Craig discusses a big problem right now. This particular vulnerability is called the Zerologon vulnerability. What that means is that your computer is vulnerable to attack without the bad guy actually having to log on to the computer. Very, very, very bad. Okay. It is known as an escalation-of-privilege problem. Microsoft has come out and issued some patches. Apparently, it's not going to be fully fixed for a while. Thanks, Microsoft (said firmly with my tongue in my cheek!)
For more tech tips, news, and updates, visit – CraigPeterson.com
Automated Machine-Generated Transcript:
Craig Peterson: [00:00:00] We are right now under attack. This is the Windows vulnerability that I mentioned live on the air here a couple of weeks ago. It's not patched by most people, and it's really, really bad.
Hey everybody, you’re listening to Craig Peterson.
Well, this is a big problem right now. This particular vulnerability is called the Zerologon vulnerability. What that means is that your computer is vulnerable to attack without the bad guy actually having to log on to the computer. Very, very, very bad. Okay.
Now, this is an escalation-of-privilege problem. Microsoft has come out and issued some patches. Apparently, it's not going to be fully fixed for a while, from everything that I was reading.
This is crazy because what's happening is they are using domain controllers and remote procedure call login servers in order to get in. So if you're just running a regular Windows machine in your house, obviously you want to keep it up to date.
But this particular exploit is against these servers that are out there. The servers specifically are those that have exposed domain controllers and remote procedure call (RPC) login servers.
Why do you use those? Well, most businesses use those types of servers to allow people to log in remotely. Who logs in remotely? Well, it's employees, right? We're there in our homes, we're trying to get into the office. So we use a domain controller. We are sending RPC calls to the login servers. You may not know what's actually going on behind the scenes, but that's what it actually is. Now there's a search that you can do online. There are a couple of different searches to find these exposed servers. A very, very big one is BinaryEdge.io. There are a couple of others that also let you know about it, but okay. They show more than 33,000,000 million networks that are exposing domain controllers. This is absolutely crazy here.
In the event a single network has both resources exposed, the combination can leave the network wide open with no other requirements. Okay. It's very, very, very, very bad. I don't want to go much more into this. It is absolutely catastrophic. If you are a person who's responsible for the IT resources within a business, you have to take care of this. Right, right, right away.
The cybersecurity arm of the Department of Homeland Security mandated that all agencies do this over the weekend. They put the mandate out on Friday, and it had to be done by Monday. They had to apply the patch by Monday night or remove the controllers from the internet. Take that as a little bit of a hint that maybe it's something you should do too.
So if you are a business owner, make sure you check with your managed security services provider and/or your employees who are responsible for it. Okay. Because it's very, very big. It's the most severe Windows bug that we've seen this year, and who knows, maybe more are on the way. So I'm not going to say it's the best or the worst.
Now let's move on to another subject here that I think is worthy of the news, and that is that VPNs are a risk.
Now, one of the legitimate reasons to use a VPN would be so you don't expose those services on your server. In other words, they're not exposed to the whole internet. If they're not exposed to the internet, some guy or gal somewhere else in the world can't get to them. So how do you let your employees get to those services and keep them locked down for everybody else?
You could do it by having your firewall only allow certain internet addresses to get through to those services. That's what I would advise as a quick stop-gap for you. Make sure that only the home computers that are supposed to be able to get at it can get at it.
But remember too that it is just a quick stop-gap, because those home computers could be infected and could be used as a launching point to come after your services. So you're letting that home computer through your firewall to get to the RPC services, the login services they need. If that home computer is infected, it could now be used to attack you. So it's just a stop-gap.
Another way to do it is to use a VPN. Now, you know what I've been saying about VPNs for the longest time: VPNs are, frankly, a little on the hazardous side, particularly for your security. There's a difference between privacy and security, at least if you ask me.
The biggest difference is that privacy means advertisers don't know where you go, and it means your internet service provider doesn't know where you go. That's privacy.
Security is where you don't want that information sold, but even more so, you don't want to have your bank account information stolen, or other things that really need to be secured. Okay.
So that's a big difference here. If you get a VPN for your business so that people can connect to these login services, or maybe connect to your file server, that's a bit of a problem as well, because remember, the VPN can be used both ways.
It's like that saying, I love this old saying: tracers work both ways. Right?
You use tracer rounds when you're shooting at the enemy so that you can see where the bullets are going. By the way, that means the enemy can see where the bullets are coming from. The same thing's true with VPNs. You put a VPN in place so that home users can connect to those login services, or maybe your SMB/CIFS file servers, right, the file shares. You open up the VPN so they can get through, but now potentially the bad guys can use it to get through as well. So it is a big problem.
Because of that, VPNs need to be tracked very closely in your firewalls.
We run all the VPNs that we have for clients, or that require security, through not just a basic firewall, but one that reassembles everything and examines all files that are being downloaded, et cetera, et cetera. Okay. That's what we do now.
There is a new technique in place right now that is gaining a lot of momentum, and frankly, within the next few years, all businesses should be using this. We're doing this already, and it's something called zero trust. Zero trust means, in the case of a VPN: okay, great, there's a VPN in place, but I don't trust that home computer to have full access to my network. In fact, not only do I not trust it to have full access to the network, I don't even want it to have full access to this particular server.
I only want it to have web access, let's say. Even then, I want to go to the next level. I want to make sure that that home computer is not being used to grab my client list that an employee is about to take with them as they walk out the door to my competitor.
That's where you start getting into zero trust and what that's all about. We're going to talk a little bit about that, what Gartner's predicting is going to happen here by 2023, how you can use it, and in fact how you shouldn't be using it right now. So stick around, because we'll be right back. We've got a couple more segments left and, of course, a bunch more to talk about, and don't forget, visit me online.
Hopefully, you got my email on Wednesday with that three-minute training. Go to CraigPeterson.com/subscribe right now and make sure you get all of my newsletters.
Stick around. We’ll be right back.