By Matt McKinley, U.S. director of product development, Stonesoft
The MSP Alliance welcomes a guest post from Stonesoft, Inc. (www.stonesoft.com), a global provider of network security solutions to MSSPs, enterprises and government organizations.
The network security industry has been abuzz with news these last two weeks. Last week, Microsoft announced a critical security flaw in its Remote Desktop Protocol (RDP) that could allow attackers to hijack user sessions and access sensitive data. Security professionals were urged to fix the flaw immediately, before exploit code was discovered in the wild; that turned out to be only a few days after Microsoft's disclosure, as exploit code was found online late last week.
I realize that if you're an MSSP professional, this is old news. You've probably been knee-deep in patching these last seven days. But in the chaos that follows this kind of disclosure, it's important to think about more than traditional patching activities and protocols.
Here are two things to remember as you eliminate this vulnerability across your protected networks:
- Check your IPS. You may not be able to patch every desktop, even with a patch management system. Therefore, make sure your IPS solution covers this vulnerability and includes a signature that specifically protects against remote desktop session hijacking; confirm that the signature is enabled and set to block in the policy applied to every segment where RDP is reachable, not merely present in the signature database.
- Leave no man (er, machine) behind. While enterprises are more likely to have a patch management system, that doesn't make them wholly protected against the new bugs found in RDP. Large enterprises often employ large numbers of contractors and sub-contractors who aren't always subject to the same IT security protocols and processes. Enterprises and the MSSPs that serve them should make sure contractor and other non-full-time resources go through the same rigorous security and patching processes as their FTE counterparts.