No matter how robust an operating system is, it is difficult for it to be completely free of possible threats. Cybercriminals constantly reinvent their techniques, so the threats themselves keep changing too. It is a constant cycle in which any delay or slip-up can open up new points of entry for unwanted visitors.
And if operating systems are vulnerable, the companies using them are vulnerable as well. In many cases, companies entrust their corporate cybersecurity to a single piece of default software; experience shows that this is not enough. We now have yet more proof of this, and it affects a huge number of companies all over the world.
The vulnerabilities in Windows 10
This is exactly what has happened to Windows 10. Several vulnerabilities were found in this version of the most widely used operating system in the world almost as soon as it was launched, and it has now set alarm bells ringing once again. In this case the weakness is in Controlled Folder Access (CFA), a Windows Defender Exploit Guard feature that lets users restrict which programs are allowed to modify files inside specific folders. The intention behind this feature was clear: to control possible unwanted access and to block untrusted programs, ransomware above all, from touching the user's documents.
Put bluntly, the results couldn't have been more counterproductive. As security researcher Soya Aoyama has demonstrated, there is a way to get a malicious DLL loaded into Windows Explorer (explorer.exe), which is on CFA's default list of trusted applications. Ransomware running inside that trusted process inherits its permission to write to the protected folders. In other words, the attack rides on a piece of software that CFA considers harmless in order to get into exactly the folders CFA is meant to protect.
Perhaps the worst thing about this is that, so far, Windows Defender, which has already had one or two problems of its own, did not detect the malicious DLL. And it doesn't stop there: when Aoyama disclosed the issue, Microsoft did not consider a patch necessary, reasoning that the attacker must already be able to run code on the machine before the DLL can be loaded, so the bypass does not in their view cross the bar for a security fix.
Applied to a corporate environment, the risk is clear. CFA is supposed to be the last line of defence once an employee has run something malicious; if that malicious code can simply borrow a trusted process, the employee's protected folders are encrypted anyway, and the attack can then spread to the rest of the company, causing a serious corporate cybersecurity problem.
How to avoid the vulnerabilities?
It is clear that, in light of these risks, companies can't simply make do with the cybersecurity provided by their operating system; they must add their own precautionary measures.
1.- Cyber-resilience. 90% of companies acknowledge that they are not cyber-resilient. This needs to change now. Against a backdrop where attacks are renewed and new strategies are constantly being developed, companies must actively protect their corporate cybersecurity and regularly review their warning systems and processes.
2.- 360º security. Some cybersecurity solutions focus on detecting possible vulnerabilities at the entry points and neglect the endpoints themselves. Panda Patch Management, a complementary module of Panda Adaptive Defense, covers the whole patching cycle, from discovery and planning to installing and monitoring patches and updates. It focuses particularly on third-party applications, which are the ones being abused in attacks on Windows 10, and provides real-time visibility of the health of endpoints in terms of known vulnerabilities, missing patches, pending updates and unsupported (EoL) software.
3.- Check CFA. Whether or not a device in the company is suspected of having been hit through a CFA bypass, it is worth reviewing the feature's configuration: confirm that CFA is in block mode rather than audit mode, that the right folders are protected, and above all which applications are on its allow-list. Programs that are not completely trusted must be removed from the allow-list. Bear in mind that the bypass described above abuses a program that is on the default trusted list, so the review cannot stop at the names on the list; what those trusted processes load matters just as much.
4.- Updates. Companies must also ensure that all their applications have the proper updates applied, since 99.96% of active vulnerabilities in corporate environments have pending updates that, were they applied, would go a long way towards preventing security risks.
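The following PowerShell session is an added example, not part of the original article, showing how an administrator would carry out the CFA review from step 3 on a Windows 10 endpoint with Microsoft Defender Antivirus. It reads the current Controlled Folder Access mode, protected folders and allow-list with the Defender module's `Get-MpPreference`, flags allow-listed applications that deserve a second look (outside the Windows and Program Files trees, missing, or without a valid Authenticode signature), shows how to remove them and to switch CFA to block mode, and, because the bypass relies on a trusted process loading attacker code, also lists per-user shell extensions, one well-known route for getting a DLL loaded into Explorer. The folder path `D:\Finance` is hypothetical; everything else uses documented cmdlets, registry locations and Defender event IDs (1123 blocked, 1124 audited). It needs an elevated prompt.

```powershell
# Added example (not from the original article). Requires an elevated PowerShell on Windows 10
# with Microsoft Defender Antivirus; uses only the built-in Defender module cmdlets.

# 1. Current CFA state: 0 = Disabled, 1 = Enabled (block), 2 = Audit mode,
#    3 = Block disk modification only, 4 = Audit disk modification only.
$pref = Get-MpPreference
"Controlled Folder Access mode: $($pref.EnableControlledFolderAccess)"
"Protected folders:";               $pref.ControlledFolderAccessProtectedFolders
"Explicitly allowed applications:"; $pref.ControlledFolderAccessAllowedApplications

# 2. Flag allow-listed applications a defender should look at twice.
$trustedRoots = @($env:windir, ${env:ProgramFiles}, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
$suspect = foreach ($app in $pref.ControlledFolderAccessAllowedApplications) {
    $inTrustedRoot = $trustedRoots | Where-Object { $app.StartsWith($_, 'OrdinalIgnoreCase') }
    if (-not $inTrustedRoot) {
        [pscustomobject]@{ Path = $app; Reason = 'outside Windows/Program Files' }; continue
    }
    if (-not (Test-Path -LiteralPath $app)) {
        [pscustomobject]@{ Path = $app; Reason = 'binary not present on disk' }; continue
    }
    $sig = Get-AuthenticodeSignature -LiteralPath $app
    if ($sig.Status -ne 'Valid') {
        [pscustomobject]@{ Path = $app; Reason = "signature status: $($sig.Status)" }
    }
}
"Allow-list entries to review:"; $suspect | Format-Table -AutoSize

# 3. Remove flagged entries from the allow-list (drop -WhatIf once you have confirmed each one).
foreach ($s in $suspect) {
    Remove-MpPreference -ControlledFolderAccessAllowedApplications $s.Path -WhatIf
}

# 4. Protect an extra folder (hypothetical path) and make sure CFA blocks rather than audits.
Add-MpPreference -ControlledFolderAccessProtectedFolders 'D:\Finance'
Set-MpPreference -EnableControlledFolderAccess Enabled

# 5. The allow-list is only as trustworthy as the code the trusted processes load.
#    Per-user shell extensions under HKCU need no admin rights to register and are loaded by
#    Explorer, so list the context-menu handlers registered there and where their DLLs live.
#    -LiteralPath matters: the '*' below is a real registry key name, not a wildcard.
$handlerKeys = @(
    'HKCU:\Software\Classes\*\shellex\ContextMenuHandlers',
    'HKCU:\Software\Classes\Directory\shellex\ContextMenuHandlers'
)
Get-ChildItem -LiteralPath $handlerKeys -ErrorAction SilentlyContinue | ForEach-Object {
    $clsid  = (Get-ItemProperty -LiteralPath $_.PSPath).'(default)'
    $server = Get-ItemProperty -LiteralPath "HKCU:\Software\Classes\CLSID\$clsid\InprocServer32" -ErrorAction SilentlyContinue
    [pscustomobject]@{ Handler = $_.PSChildName; CLSID = $clsid; Dll = $server.'(default)' }
} | Format-Table -AutoSize

# 6. Evidence that CFA actually fired: Defender logs event 1123 for a blocked write and 1124
#    when running in audit mode. Blocks attributed to a trusted process will never appear here,
#    which is exactly why steps 2 and 5 are needed.
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Windows Defender/Operational'; Id = 1123, 1124 } `
    -MaxEvents 20 -ErrorAction SilentlyContinue | Select-Object TimeCreated, Id, Message
```

Run it once per endpoint or push it through your management tooling; the allow-list and the HKCU shell extension output are the two lists worth diffing against a known-good baseline, since both can be changed by code running as an ordinary user.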