I got a tip last week (Thanks, Stefan
!) about a patch Microsoft released for a vulnerability in Remote Code Execution (CVE-2019-0708)
that affects some older version of Windows. This vulnerability is "wormable," which means that it could be used to infect machines without any user action, and it can be done so remotely. You may recall that in the spring of 2017, a ransomware called WannaCry (or WannaCrypt) wreaked havoc on systems, primarily in Europe, by encrypting files until a ransom was paid. This ransomware held hostage the UK's National Health Service, schools and government institutions, among others, as well as German state railway operater Deutsche Bahn, which had its digital signage network hacked. See our story on WannaCry here.
Microsoft has found this new vulnerability, which could be exploited in a similar way, before anything like WannaCry has happened, so there's no excuse. If you're running any servers with Windows 7, Windows Server 2008 R2 or Windows Server 2008, you need to install this patch immediately (apparently it's particularly important for Windows 7 and Server 2008). See Microsoft's incident report with details on how to patch here
This issue has so much pre-InfoComm show news. If you're going to InfoComm, don't forget to register with our code RAVE
to get in free. Were also helping InfoComm do a 5K on Friday before the show opens to benefit the AVIXA foundation, which you can register for here
. Gary and Chuck Espinoza are also getting into some dunk tanks to help raise more money. You can donate to take some shots at them here
. (Yes, really.)
Enjoy the issue. And go patch your Windows servers!