Security Column Vol.4
A high-urgency vulnerability announced in Windows 7 / XP! Protect yourself by first understanding your current status.

A high-urgency vulnerability found in Windows

A possible round 2 of WannaCry?

An emergency update for a vulnerability in the Windows Remote Desktop service was released on May 14, 2019. This update was also released for the no-longer-supported Windows XP, which indicates how urgent the issue is.

Products affected by this vulnerability include Windows XP and Windows 7, and if exploited, even without remote desktop being activated or other actions by the user, the attacker can run malicious programs. This means that, through this vulnerability, even if the user doesn’t do anything they may be infected with a virus. The United States’ National Security Agency (NSA) released a warning on the same day about this vulnerability and news media reported that the vulnerability could lead to a worst-case scenario like that of the WannaCry threat.

Windows 7 market share is still 31.96%!

Windows 7 support will end on Jan. 14, 2020, but how many Windows systems still use this OS?

According to the graph seen below, Windows 7 is still used on 31.96% of Windows desktops around the world (as of June 2019). Administrators of these devices don’t have much time left to upgrade.

Desktop Windows Version Market Share Worldwide – June 2019

[Graph: Windows OS share trends worldwide]

Source: StatCounter

Partner companies and subsidiaries under attack? Supply chain attacks

10 Large Threats to Information Security 2019 (Organizations)

| Rank | Threat type | Last year |
|------|-------------|-----------|
| 1 | Targeted attacks | 1 |
| 2 | Business email scams | 3 |
| 3 | Ransomware | 2 |
| 4 | Exploitation of supply chain vulnerabilities | New |
| 5 | Intentional data leaks | 8 |
| 6 | Denial of service attacks | 9 |
| 7 | Theft of personal data from online services | 6 |
| 8 | IoT device vulnerabilities | 7 |
| 9 | Increased countermeasures workload | 4 |
| 10 | Accidental data leaks | 12 |

In recent years, attacks that use low-security subcontractors and subsidiaries as a stepping stone for attacking large companies have occurred in large numbers, and for the first time they have ranked among the 10 major cybersecurity threats to organizations published by the IPA (Information-technology Promotion Agency), at number 4 in the 2019 edition.

Because of this, there is a need to secure endpoints (devices) at related companies and subsidiaries to the same level as those at company headquarters.

The first step to defense is knowing what your security situation is

Are you aware of and monitoring all of your endpoints?

Issue facing asset manager:
We don’t know how many endpoints are connected to our internal network, so we don’t know all the devices that should have KDDI Cloud Inventory installed on them.

How KDDI Cloud Inventory can solve it:
KDDI Cloud Inventory’s “Unauthorized Device Detection” feature records all endpoints that connect to your network, so it can also be used to take stock of all the devices that need to be covered by security.

We receive requests for help from customers who still have some computers running Windows XP at their overseas locations or at subsidiaries, or who want to start management of IT assets and security, but do not know all the devices used by their employees at their headquarters, subsidiaries and overseas branches.

“KDDI Cloud Inventory” is an IT asset and security management tool that collects endpoint information and automatically generates reports. With this one tool, you can do cloud-based management, automatically gathering information on all your managed devices. Many other features are also included, such as setting unified policy, Wi-Fi and USB restrictions, user operation logs, and more.

With the KDDI Cloud Inventory option “Unauthorized Device Detection”, administrators can monitor endpoints that connect to their network, and detect or block ones that do not have KDDI Cloud Inventory installed.

Once you know what endpoints your company has, the next step is to address their vulnerabilities

Countermeasure 1: Enable forced automatic updates

With KDDI Cloud Inventory, you can simultaneously enable software updates for OS, Adobe products, and Web browsers, reducing the problem of endpoints that are missing the latest updates.

[Screenshot: Software Update automatic setting]

[Screenshot: Windows Update automatic setting]

Countermeasure 2: Use KDDI Cloud Inventory’s program distribution feature to distribute needed software

For software not covered by countermeasure 1, software that supports silent installations can be batch force-installed from the administrator side to client devices.

Conclusion

There is no limit to the number of security countermeasures that can be taken, such as installing security software, EDR, and behavioral analysis, but without first knowing the endpoints connected to your network, you won’t know which endpoints need to be covered in the first place. In security management, knowing all of your endpoints is an important step. To avoid supply chain attacks and other threats, consider checking not only endpoints at your headquarters, but also those at subsidiaries, which tend to have lighter security.

Apply here for a 30-day free trial

Take this opportunity to use the free trial to experience security management with KCI!
