It’s difficult to determine exactly why the federal government and the entire cyber community went into a full-blown panic last week over Microsoft’s critical vulnerability announcement. To be sure, this security flaw is a major problem. It impacts most Windows operating systems, including the now-no-longer-supported Windows 7 OS. The NSA discovered the flaw and reported it to Microsoft, which promptly patched all federal systems, then announced the flaw publicly and released the patches last week.
At the heart of the vulnerability is how Windows “trusts” network connections, software, websites, etc. This hole would allow a hacker to trick Microsoft into trusting their malware program, for example. In practice, a hacker could install software to spy on you, and your usual defenses would be fooled into trusting it.
While the concern is justified, the broad panic may have been triggered in part by yet another attack on things we used to trust. Whether it’s fake news, deep fake videos, spoofed voice calls that sound like trusted people, election results, or more, it seems everything around us is suspect. The overall implications of this for the fabric of our society have yet to be fully understood, but the potential could be devastating.
So when Microsoft announces a patch for a severe bug (CVE-2020-0601), and it’s determined that this flaw goes right to the heart of how Windows “trusts” things, it may have hit a nerve in many of us cyber folks: we just can’t seem to trust anything anymore.
If you haven’t updated your Microsoft devices in the past week, you need to do so immediately. Shortly after Microsoft announced the flaw, attacks were launched exploiting this vulnerability. So again, if you aren’t certain your Microsoft devices were patched, then do it now. And if you’re still running Windows 7, say goodbye ASAP. It’s not secure and it’s not HIPAA compliant as of this month.
Let’s make 2020 the year we turn the tide on cybercrime. Call us for suggestions.
If you have any questions or if you are concerned about your organization’s cybersecurity, give us a call at (800) 970-0402. We’ll be happy to help.
For more HIPAA information, download our ebook – The Ultimate HIPAA Compliance Handbook.
The HIPAA Security Rule requires the implementation of a security awareness and training program for all members of the workforce (including management). Have your team sign up for the weekly HIPAA Security Reminder to help stay compliant.