Weekly vCISO Security Notes

Small Business vCISO Security Notes – Week 39

From the Cloudz Biz security and productivity desk, here are a few small business vCISO Security Notes for week 39 of 2020, as we head into the eighth month of the COVID-19 pandemic.

The purpose of this blog and weekly update is to give small business owners a high-level update on security issues and productivity opportunities, as we help small businesses increase security, enhance productivity and boost the bottom line.

vCISO Security Notes:

This week, we touch on three (3) security vulnerabilities.  Again, the purpose is to make small business owners aware of risks to their business, and of how to remediate and protect their environment against these risks.  We hope you find this valuable in your business journey.

#1 – Microsoft ‘Zerologon’ Flaw – CVE-2020-1472

CVE-2020-1472 allows an attacker to hijack your Active Directory environment via your domain controllers.  The official definition is an elevation of privilege vulnerability that exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller using the Netlogon Remote Protocol (MS-NRPC).  It is also known as the Netlogon Elevation of Privilege Vulnerability.  Microsoft scored this bug with a CVSSv3 score of 10.0.

The Risk:

If your business uses domain controllers for your Active Directory environment, you are at risk of your domain controllers being hijacked by an attacker.  The Netlogon authentication process uses a weak cryptographic algorithm, which allows for full takeover of Active Directory domains.

Remediation Plan:

Microsoft issued a patch for this in the August Patch Tuesday deployment as the first phase of remediation.  The second phase of Windows updates will become available in Q1 of 2021.  We’ll make sure we add that to our vCISO Security Notes next year.

Microsoft updated its action plan, which you can pass along to your technical resources:

  1. Update your Domain Controllers with the August 11, 2020 or later release
  2. Find which devices are making vulnerable connections by monitoring event logs
  3. Address non-compliant devices making vulnerable connections
  4. Enable enforcement mode to address CVE-2020-1472 in your environment
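
For your technical resources, here is one way to check steps 2 and 4 on a patched domain controller. This is an added example, not code from Microsoft or from this post. The Netlogon event IDs and the FullSecureChannelProtection registry value come from Microsoft's published guidance for CVE-2020-1472, and the 30-day review window is an assumption.

```powershell
# Added example: run in an elevated PowerShell session on a domain controller
# that already has the August 11, 2020 (or later) update installed.
#
# Netlogon events written to the System log by the patched DC:
#   5827 / 5828  vulnerable connection DENIED (machine / trust account)
#   5829         vulnerable connection ALLOWED (enforcement not yet on)
#   5830 / 5831  vulnerable connection allowed by a Group Policy exception
$eventIds = 5827, 5828, 5829, 5830, 5831
$since    = (Get-Date).AddDays(-30)   # assumed review window

# Step 2: find devices making vulnerable connections.
# Get-WinEvent raises an error when nothing matches, so suppress it and test for $null.
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'System'
    Id        = $eventIds
    StartTime = $since
} -ErrorAction SilentlyContinue

if (-not $events) {
    Write-Output "No vulnerable Netlogon connection events since $since."
} else {
    # Summary: how many events of each type were logged.
    $events | Group-Object Id | Sort-Object Name |
        Select-Object @{ n = 'EventId'; e = { $_.Name } }, Count |
        Format-Table -AutoSize

    # Step 3 input: 5829 events describe the non-compliant devices that
    # will be cut off once enforcement mode is enabled.
    $events | Where-Object Id -eq 5829 |
        Select-Object TimeCreated, Message |
        Format-List
}

# Step 4: report whether enforcement mode is enabled on this DC.
$key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
$prop = Get-ItemProperty -Path $key -Name 'FullSecureChannelProtection' -ErrorAction SilentlyContinue

if ($prop -and $prop.FullSecureChannelProtection -eq 1) {
    Write-Output 'Enforcement mode: ENABLED on this domain controller.'
} else {
    Write-Output 'Enforcement mode: NOT enabled (FullSecureChannelProtection is absent or 0).'
}
```

Run it on every domain controller, and clear up the devices behind any 5829 events before turning enforcement mode on.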

Bottom line: don’t procrastinate on this one.

#2 – Bluetooth Multiple Vulnerabilities

Bluetooth vulnerabilities keep piling up.  If you’d like to see the whole list, you can go here.  However, this week, from a small business perspective, you should know about the Apple Bluetooth vulnerability CVE-2020-9770.

The Risk:

An attacker in a privileged network position may be able to intercept Bluetooth traffic.

Remediation Plan:

Apple released a fix in iOS 13.4 and iPadOS 13.4.  Make sure you update all Apple devices on your business network.

Let me add one comment on Bluetooth in general.  If you don’t use Bluetooth in your environment, turn it off.  Just to be clear, I am not saying never use it.  Due to the number of vulnerabilities that consistently surface from month to month, I recommend shutting it off when not in use.

#3 – Windows DHCP Server Information Disclosure Vulnerability

An information disclosure vulnerability exists in the way that the Windows Server DHCP service improperly discloses the contents of its memory.

The Risk:

An unauthenticated attacker can send a specially crafted packet to an affected DHCP server to exploit the vulnerability.

Remediation Plan:

Update all servers running the DHCP service with the latest September 2020 patch updates.  As a general takeaway from these vCISO security notes, make sure your business has a consistent plan for updating all hosts and systems after every Microsoft Patch Tuesday release.

Cloudz Biz Final Notes

Now that we’ve shared the vCISO security notes, here are a few more general thoughts.  Technology creates advantages through productivity and business workflow enhancements.  However, technology also opens the door for attackers to take advantage of flaws.  No technology is perfect, so the next best thing is to develop a plan to maintain updates for the technology you use in your business.  Also, find a vendor or partner who will run vulnerability scans on your environment at least once per year.

If you feel like this is valuable, please leave a comment below.  We look forward to hearing from you.

For your next Risk and Vulnerability Assessment, click the link below and take advantage of what we have to offer.

Cloudz Biz Vulnerability Assessment