Tim Guim here from PCH Technologies. I have to go off-topic for a minute about the title question, “Are you still running Windows 2008?”, so bear with me!
On Friday night, September 18th, the Department of Homeland Security issued an emergency directive giving all federal agencies until Monday the 21st to patch all Microsoft Windows domain controllers or disconnect them from the network, due to a vulnerability found in the Windows Server operating system. The risk of the vulnerability was categorized as a level 10, the highest possible score that a threat can receive under the CVSS (Common Vulnerability Scoring System). The Department of Homeland Security rarely issues a directive like this unless there is a significant threat to public safety and security.
This vulnerability, called Zerologon, allows an attacker to gain administrative access to a Windows Server domain controller by sending a sequence of zeros to the server. The vulnerability is so dangerous because anyone who can connect to the Windows Server can elevate to admin privileges. This is alarming, since being an admin gives full access to the server, including the ability to read and write data and to create and delete users.
Although the Department of Homeland Security only directed action to be taken at the federal level, it is important to take a look at your own Windows Servers to ensure that they are patched. Microsoft issued a patch as part of its August 2020 security update to address the issue for currently supported Windows operating systems.
So, back to my point: if you are still running Windows 2008 Server, you have an unsupported operating system without a security patch, and you would be vulnerable to this problem. Some of PCH Technologies’ clients still need to run Windows 2008 Server. The reasons are largely legacy or custom software that would be costly to migrate to new systems, or equipment tied to servers that would be very expensive to replace.
PCH Technologies still needs to secure these Windows 2008 systems as well as possible for our clients. Microsoft does have a service to provide patches; however, it is very costly and unaffordable for most businesses. For these servers, we have compensating controls to reduce the risk of running an unsupported Microsoft Windows 2008 operating system. Some of the current ways we reduce risk are not allowing the server to go out to the internet, keeping it in a segmented network, and monitoring the network traffic and logs of the server for indicators of compromise.
After reading this directive, PCH Technologies’ Chief Security Officer Mark Moore wanted to do more and have an additional way to protect our clients’ systems. In his research on this issue, Mark found an alternative way to patch Microsoft Windows 2008 Server systems, using what’s called a micro patch. A micro patch differs from a conventional patch in that it runs strictly in memory and is not installed as part of the operating system. Micro patches can be deployed quickly and do not require server reboots, since they are active as soon as they are run. The tool that we have vetted, tested, and deployed is from 0patch.
So, the moral of the story is that if you’re still running Windows 2008 Server and need to patch it, micro patching is a great technique for securing your server. By the way, micro patching also works on Windows 7, for anyone still running that.
Have a good Tuesday everyone and happy patching!