Date: 16/06/2024
There has not been a situation quite like this for a decade. Do not ignore this!
Two urgent patches for Windows and Office have been issued. Take action immediately. [Continue right to the end of this page]
Vulnerability 1 : Microsoft Windows : CVE-2024-30078
This flaw allows anyone to remotely execute any code/software on any computer via the Wi-Fi driver.
It affects ALL Microsoft Windows operating systems on both Desktops and Servers.
The world learnt about this major flaw around the 11th of June and by the 15th of June a coder shared the information on exactly how to do this. There is no way to detect if someone has used the vulnerability on your computer. It is essentially easy access to do anything. They could silently install ransomware, add stealth back doors and remote access systems, steal all company data, destroy backups, implant methods of accessing cloud servers while leaving no trace, and the list goes on.
Microsoft issued an emergency patch for Windows 10/11 and Server 2008/2012/2016/2022 but not Windows 7.
No anti-virus or firewall or any other protection will protect you from this currently.
If you have not patched EVERY SINGLE DESKTOP AND SERVER within the next few days, you should take caution.
Leaving just one computer unpatched is enough to take down an entire company.
In the meantime – do the following:
- Get your IT team to patch every single desktop and server before the 20th of June 2024. Any new systems added afterwards need to be patched before connecting.
- Ensure all your Wi-Fi passwords are 16 characters and above. This would also be a good time to make sure each one is changed, long and random. Anyone that connected previously could leak this information. And drive-by Wi-Fi hacking happens quite often even if you are in a remote location. Many people are unaware that thousands of people do this daily.
- If your guests and office share the same network, remove the guest network until everything is patched and then change the password for all wireless networks. Any contractor or third party should not be allowed on the network until they are patched and checked.
- Remove VPN access to your business until all remote VPN computers have been patched.
- Do not connect to any shared networks (hotels/hotspots/trains/restaurants etc) unless your computer has been patched and checked. It only takes seconds for this flaw to be taken advantage of and you would never know it’s happened. Trojans can act in complete stealth mode and often wait in a dormant state for many months.
- Any old computers running old operating systems like Windows 7 need to be removed from the network.
- Ensure you have the latest version of ThreatDown Business Anti-Malware or ESET Business installed. They will soon be able to detect the flaw if you are using the business premium versions that do vulnerability checking. However, if a hacker has made use of the flaw before it's discovered then any software they have installed may not be detectable. It partly depends on how sophisticated the hackers are.
CVE-2024-30078 – Windows Security Update patch ID numbers are:
Windows 11 : KB5039211 or KB5039213 or KB5039212
Windows 10 : KB5039214 or KB5039225 or KB5039211 or KB5039217
Windows Server 2022 : KB5039227 and KB5039330 or KB5039236
Windows Server 2019 : KB5039217
Windows Server 2016 : KB5039214
If you are running an older operating system, you really need to be upgrading.
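One way to check machines against the KB list above, as an added PowerShell example (not Microsoft's or this site's own tooling). The function name Test-Cve202430078Patch and the status labels are hypothetical, and it assumes any one KB listed for an operating system counts as found.

```powershell
# Added example. KB numbers are copied from the list on this page;
# the function name and status labels are hypothetical.
$KbByOs = [ordered]@{
    'Server 2022' = @('KB5039227', 'KB5039330', 'KB5039236')
    'Server 2019' = @('KB5039217')
    'Server 2016' = @('KB5039214')
    'Windows 11'  = @('KB5039211', 'KB5039213', 'KB5039212')
    'Windows 10'  = @('KB5039214', 'KB5039225', 'KB5039211', 'KB5039217')
}

function Test-Cve202430078Patch {
    param([string[]]$ComputerName = $env:COMPUTERNAME)

    foreach ($computer in $ComputerName) {
        # Query the local machine directly; only pass -ComputerName for remote hosts.
        $remote = @{}
        if ($computer -ne $env:COMPUTERNAME) { $remote.ComputerName = $computer }
        $caption = $null; $found = @()
        try {
            $caption = (Get-CimInstance Win32_OperatingSystem @remote -ErrorAction Stop).Caption
            # First key whose text appears in the OS caption, e.g. "Microsoft Windows 11 Pro".
            $osKey = $KbByOs.Keys | Where-Object { $caption -like "*$_*" } | Select-Object -First 1
            if (-not $osKey) {
                # OS is not in the page's list (for example Windows 7): nothing to look for.
                $status = 'NoListedPatch'
            } else {
                $installed = (Get-HotFix @remote -ErrorAction Stop).HotFixID
                $found  = @($KbByOs[$osKey] | Where-Object { $installed -contains $_ })
                $status = if ($found.Count) { 'ListedKbInstalled' } else { 'ListedKbMissing' }
            }
        } catch {
            $status = "CheckFailed: $($_.Exception.Message)"
        }
        [pscustomobject]@{
            Computer = $computer
            OS       = $caption
            Status   = $status
            FoundKb  = $found -join ','
        }
    }
}

# Local machine by default; pass -ComputerName 'PC01','SRV02' for several hosts.
Test-Cve202430078Patch | Format-Table -AutoSize
```

A result of ListedKbMissing needs a manual look rather than being read as proof of exposure: Get-HotFix only reports updates recorded in Win32_QuickFixEngineering, and a machine that has installed a later cumulative update will not show the June KB numbers.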
Advanced User References:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30078
https://www.forbes.com/sites/daveywinder/2024/06/14/new-wi-fi-takeover-attack-all-windows-users-warned-to-update-now/
https://www.cve.org/CVERecord?id=CVE-2024-30078
Vulnerability 2 : Microsoft Office Outlook : CVE-2024-30103
Anyone using Outlook 365 (365 Apps), Outlook 2019 (Office 2019), Outlook 2021 (Office LTSC 2021) & Outlook 2016 should perform this update.
Any inbound email can cause Outlook to execute malicious software via the preview panel, without the user performing any action.
This is known as a zero-click exploit and is very dangerous.
This would allow a hacker to silently install undetectable remote access software, copy all company data, destroy backups, gain access to websites bypassing security checks and two-factor authentication, infect the rest of the network and do just about anything they like. Once again, this can all be completed in stealth without anyone noticing or detecting it via anti-virus software.
To get the security update for this in 365 do the following:
1: Make sure you are using a licensed version of Office, open Word or Excel and go to Accounts in the bottom left. (see screenshot)
2: Click ‘Update Options’ and choose ‘Update Now’
3: Confirm the version number matches ‘Version 2405 (Build 17628.20144 Click-to-Run)’. All the numbers need to match, not just the first few.
If using Outlook 2016 you will need to install KB5002600 specifically.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30103
Your GDPR Legal Obligation
As a business owner, you have a LEGAL obligation to ensure your computers, network and cyber security are up to standard and you need to request a cyber security audit.
Often business owners will go against advice from computer companies to avoid paying for the latest version of Windows or a business grade anti-virus or network protection. It's not worth the savings in the long run. We see entire companies fail because of this.
Read our article now : https://itproexpert.com/new-ai-business-cyber-security-protection/
Even old equipment is a risk. Older Wi-Fi equipment is very easily hacked, old firmware on devices is usually full of security flaws and even old computers themselves have vulnerabilities in their CPUs or simply by the fact they can only run older operating systems.
The world of hacking is a multi-billion-dollar industry now and it's only a matter of time before it's your turn. Don’t leave it till next month or next year as tomorrow could be the day things go wrong for you.
Recommended reading: https://www.lawsociety.org.uk/topics/small-firms/cyber-and-data-security-five-legal-obligations-you-should-not-ignore