USCG Warns Operators of Critical Software Vulnerability


Published Jan 17, 2020 9:49 PM by The Maritime Executive

The U.S. Coast Guard's Office of Port and Facility Compliance is warning maritime stakeholders to address recently-identified security flaws that could leave their servers and business networks dangerously vulnerable to cyberattack. 

The National Security Agency recently identified a set of critical vulnerabilities in several versions of Microsoft Windows and Windows Server. Microsoft released software patches on Tuesday addressing 49 vulnerabilities, and due to the severity of some of these problems, the Coast Guard strongly recommends that stakeholders in the maritime community install these patches as quickly as possible. 

The first vulnerability affects all machines running Windows 10 operating systems, including Windows Server 2016. It could permit an attacker to spoof trusted identities - individuals, web sites, software companies, service providers, or others. Using a forged certificate, the attacker could gain access to vulnerable systems by sending a malicious executable file. The user would have no way of knowing the file was malicious, because the digital signature would appear to be from a trusted provider.

Other vulnerabilities affect the RD Gateway Server in versions of Windows Server 2012 and newer. These server vulnerabilities can be exploited by initiating a remote connection and sending a specially crafted request. The vulnerabilities are particularly critical because they allow the attacker to access the server and execute code at will, without any authentication or user interaction.

The Coast Guard called for organizations to prioritize patching by starting with mission-critical systems, internet-facing systems and networked servers, then patching other affected information technology/operational technology assets. Individuals should review their personal machines and can check for available updates through Windows Settings. 

Though some of these exploits have not yet been used for cyberattacks, according to the Cybersecurity and Infrastructure Security Agency (CISA), they likely will be soon. Once patches are released to the public, they can be reverse-engineered by hackers to discover the underlying vulnerability, leaving unpatched systems even more vulnerable than before.

Patching may be unexciting, but given the multi-million-dollar stakes it is prudent practice, CISA warned. "The best defense against attackers exploiting patched vulnerabilities is simple: keep software up to date. Timely patching is one of the most efficient and cost-effective steps an organization can take to minimize its exposure to cybersecurity threats," CISA wrote. 

More information can be found in the recent Cybersecurity and Infrastructure Security Agency (CISA) Alert.