this week that they ’ ve releasedVulnerability-related.PatchVulnerabilitya preliminary fix for a vulnerability rated important , and present inVulnerability-related.DiscoverVulnerabilityall supported versions of Windows in circulation ( basically any client or server version of Windows from 2008 onward ) . The flaw affectsVulnerability-related.DiscoverVulnerabilitythe Credential Security Support Provider ( CredSSP ) protocol , which is used in all instances of Windows ’ Remote Desktop Protocol ( RDP ) and Remote Management ( WinRM ) . The vulnerability , CVE-2018-0886 , could allow remote code execution via a physical or wifi-based Man-in-the-Middle attack , where the attacker stealsAttack.Databreachsession data , including local user credentials , during the CredSSP authentication process . Although Microsoft saysVulnerability-related.DiscoverVulnerabilitythe bug has not yet been exploitedVulnerability-related.DiscoverVulnerability, it could cause serious damage if left unpatched . RDP is widely used in enterprise environments and an attacker who successfully exploitsVulnerability-related.DiscoverVulnerabilitythis bug could use it to gain a foothold from which to pivot and escalate . It ’ s also popular with small businesses who outsource their IT administration and , needless to say , an attacker with an admin account has all the aces . Security researchers at Preempt sayVulnerability-related.DiscoverVulnerabilitythey discovered and disclosedVulnerability-related.DiscoverVulnerabilitythis vulnerability to Microsoft last August , and Microsoft has been working since then to createVulnerability-related.PatchVulnerabilitythe patch releasedVulnerability-related.PatchVulnerabilitythis week . Now it ’ s out there , it ’ s a race against time to make sure you aren ’ t an easy target for an attacker who wants to try and kick the tires on this vulnerability . Obviously , patch as soon as possible and please follow Microsoft ’ s guidance carefully : Mitigation consists of installing the update on all eligible client and server operating systems and then using included Group Policy settings or registry-based equivalents to manage the setting options on the client and server computers . We recommend that administrators apply the policy and set it to “ Force updated clients ” or “ Mitigated ” on client and server computers as soon as possible . These changes will require a reboot of the affected systems . Pay close attention to Group Policy or registry settings pairs that result in “ Blocked ” interactions between clients and servers in the compatibility table later in this article . Both the “ Force updated clients ” and “ Mitigated ” settings prevent RDP clients from falling back to insecure versions of CredSSP . The “ Force updated clients ” setting will not allow services that use CredSSP to accept unpatched clients but “ Mitigated ” will .
A group known as the Shadow Brokers publishedVulnerability-related.DiscoverVulnerabilityon Good Friday a set of confidential hacking tools used by the NSA to exploitVulnerability-related.DiscoverVulnerabilitysoftware vulnerabilities in Microsoft Windows software . According to Fortune , Microsoft announcedVulnerability-related.PatchVulnerabilityon the same day that it had patchedVulnerability-related.PatchVulnerabilitythe vulnerabilities related to the NSA leakAttack.Databreach. It was especially important that the company moved quickly since juvenile hackers — also known as script kiddies — were expected to be active over the holiday weekend while defenders were away . The threat was the latest and , according to security experts , the most damaging set of stolen documents publishedAttack.Databreachby the Shadow Brokers , which is believed to be tied to the Russian government . Experts sayVulnerability-related.DiscoverVulnerabilitythe leak , which was mostly lines of computer code , was made up of a variety of “ zero-day exploits ” that can infiltrate Windows machines and then be used for espionage , vandalism or document theft . The group also publishedAttack.Databreachanother set of documents that show that the NSA penetrated the SWIFT banking network in the Middle East . “ There appears to be at least several dozen exploits , including zero-day vulnerabilities , in this release . Some of the exploits even offer a potential ‘ God mode ’ on select Windows systems . A few of the products targeted include Lotus Notes , Lotus Domino , IIS , SMB , Windows XP , Windows 8 , Windows Server 2003 and Windows Server 2012 , ” said Cris Thomas , a strategist at Tenable Network Security . The Shadow Brokers have been threatening the U.S. government for some time but until last Friday had not released anything critical . There is speculation that this document dumpAttack.Databreachcould be retaliation by Russia ( if the hackers are indeed tied to the country ) in response to recent U.S. military actions .