Why Windows updates are CRITICAL

My customers hear me say all that Windows updates are an extremely important piece of your network’s security.  If you are not doing regular windows updates, you are leaving your enUpdatesvironment open to all sorts of virus’ and hacks that may not otherwise be possible.

Some people hate seeing this image, because it may mean that you’re not doing work for the next ten minutes. But the alternative can be much worse



Let me show you an example.

There is a Microsoft windows security update referred to as MS09-050 (https://technet.microsoft.com/en-us/library/security/ms09-050.aspx)

It affects Windows Vista and Windows Server 2008 servers (even up to SP2) and it is a “Remote Code Execution” vulnerability.

Ok, so what does that mean?

Well, what this means is that someone can take over your server if a specific service is accessible over the network. This specific service is responsible for File Sharing, and is extremely common.

There is a handy tool called “Metasploit” that security professionals (and hackers!) can use to exploit this vulnerability. There’s even a free version.

If I load up metasploit and search for MS09-050Exploit-ms09-050

I can then configure Metasploit to point to the server I want to attack and remotely take over the system.Exploit-ms09-050-2.jpg

The last line tells me that I now have the ability to run commands against the server.

From here, I can steal passwords, steal documents, take screenshots of the desktop, enable the webcam or use this system as a platform to continue attacking the rest of the network. I have full control of this system.

This is only one example of the importance of patching. There are common exploits available for Java, Adobe Reader and almost every other piece of software you can imagine.

How do I fix it?

Do regular updates for all of your software, Spartan Systems provides an automated service to patch desktops and servers for many common Windows applications for an extremely affordable rate ($10/desktop/month).

Get in touch today to get started!

Phone 506.848.0888

Leave a Reply

Your email address will not be published. Required fields are marked *