Critical Vulnerability in Windows OS – Learn How To Protect Yourself

Why Is This So Important?

As this vulnerability is placed at the pre-authentication stage and does not require any user interaction it would allow any arbitrary attacker on the internet to execute malicious code on a victim’s private system and allow for a total takeover of a PC within any network, such as Wi-Fi hotspots, public networks and private and corporate networks.

According to Microsoft, in order to exploit this vulnerability, an attacker would have to send a specially tailored request to the target systems’ Remote Desktop Service via RDP. Given the nature of the vulnerability, once a host is infected there is great risk of lateral movement to infect other connected hosts on the same network.

Put another way and to clarify the potential exploitation of this vulnerability, it could be used in a very similar manner as that of the 2017 WannaCry attack that caused catastrophic disruption and sabotage to thousands of organizations across all industries worldwide.

Who Is Affected?

Those using certain versions of Microsoft Windows 7 and Windows Server 2008 are at risk from this vulnerability. Customers running Windows 8 and Windows 10 are not affected by this vulnerability due to these later versions incorporating more secure updates.

Those most at risk, among others, are those working with embedded devices such as ATMs in the banking sector and IoT devices in the healthcare industry. This is due to older versions of Windows known to be the systems behind these operations as well as them being prized targets for cyber criminals. As a result, since this vulnerability was announced, security professionals in hospitals and banks have been working diligently to patch their systems.

How to Protect Yourself

• Block the RDP protocol on Check Point gateway product and endpoint SandBlast agent. Instructions for Check Point R77.x and R80.x are included in the link in this post.
• If you are using RDP for mission critical systems – configure the Check Point gateway and endpoint product to accept connections only from trusted devices within your network. Instructions included in the link in this post.
• Disable RDP on your Windows PC and servers (unless used internally) and deploy the Microsoft patch. Please note that your ability to identify vulnerable systems when used in IoT devices (corporate, finance, industrial and healthcare systems) is limited – therefore it is recommended to follow steps 1 & 2 even if patch is installed.

Currently, while Check Point researchers are investigating this vulnerability and monitoring any relevant activity in the wild, we recommend all IT professionals to deploy Microsoft patches according to the MS Security Update Guide.

The Industry’s First Hyperscale Network Security Solution - Introducing Maestro

Imagine you had a house – three bedrooms, two stories, one bathroom on a single-family lot.

And now imagine that you wanted to expand this property – you want four stories, multiple units, many bathrooms.

What if we told you that you could build that dream house up in two weeks – without lifting a single brick?

Check Point Maestro can do that for your network security, because Maestro is the industry’s first hyperscale network security solution.

Security As Dynamic and Scalable As The Cloud

With Check Point Maestro, organizations can easily scale up their existing Check Point security gateways on demand — the same way as they can spin up new servers and compute resources in public clouds.

By extending the Gen V security capabilities of our Infinity architecture into hyperscale environments, Maestro allows organizations to secure their dynamic, evolving environments without limits… now and in the future.

Maestro enables a single Check Point gateway to expand to the capacity and performance of 52 gateways in minutes, giving companies elastic flexibility and enabling massive Terabit/second firewall throughput. This nearly limitless scalability enables organizations to secure the largest, most resource-hungry environments, such as hyperscale data centers, telcos and mobile networks.

Security, Resiliency, Supremacy

Check Point Maestro delivers advanced new capabilities:

• Hyperscale security: customers can scale up their existing gateways of any size on-demand, to support over 50x their original throughput, within minutes.  It gives seamless expansion to hyperscale security, while protecting organizations’ existing investments.
• Cloud-level resiliency: Maestro is the only unified security system that can offer cloud-level resilience and reliability to all organizations’ deployments, with Check Point’s HyperSyncTM giving advanced telco-grade clustering and full redundancy.
• Operational supremacy: It is managed intuitively by Maestro Security Orchestrator, which controls all of an organization’s gateways as one unified security system, minimizing management overhead.

Protect Your Business by Managing Network Security

Next generation cyber security attacks can happen at any time to any size business, so you need to be prepared to react immediately. Based on the 2018 Verizon Data Breach report, 58% of security breach victims are categorized as small businesses. In addition,79% of the attacks on small businesses resulted in a confirmed breach. To prevent security breaches, you need to be able to monitor your network and quickly mitigate security threats anytime and anywhere. Small businesses typically don’t have a dedicated security professional, so security management applications also need to be easy to use.

Check Point is proud to introduce the WatchTower Security Management App for Small and Medium businesses. The intuitive security management app provides real-time monitoring of network events, enables you to quickly block security threats, and configure the security policy for multiple Check Point Security Gateways.

Customers who use the Check Point 700,900 and 1400 series gateways can now manage their network security on the go with their iOS or Android mobile phone.

The WatchTower Security Management App provides the following innovative capabilities:

• Network Security snapshot enables you to view the devices connected to your network and monitor potential security threats.
• Real-Time Security Alerts provide notification of malicious attacks or unauthorized device connections.
• On-the-Spot Threat Mitigation enables you to quickly block malware-infected devices and view infection details for further investigation.
• Security Event Notification enables you to customize notifications for your top-priority security events.
• Network statistic reports and charts provide insights on network usage patterns.
• Network Security Event feed provides you details on all the security events by category
• The Settings Manager enables you to set the security settings for multiple gateways
• The Advanced policy configuration feature enables you to manage all the security policy setting through a secure web user interfaces.

Don’t let your company become a security breach statistic. Protect your company network while on the go using the WatchTower Security Management app.