Blog

It’s January 14, 2020. Patch Tuesday.  Your CIO wants to know: “ How does that RDP vulnerability I saw in the news affect us? ” Well, which RDP vulnerability are you talking about, boss?”  Never mind; it’s still a good question. You dig deeper.

Looking at the CVEs, you realize each is only exploitable in certain situations. You break it down:

VulnerabilityNo risk to the host if…Patch the host now if…
CVE-2020-0609Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution VulnerabilityThe system isn’t configured as an RD Gateway.System is an RD Gateway and is exposed to the internet.
CVE-2020-0610Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution VulnerabilityThe system isn’t configured as an RD Gateway.System is an RD Gateway and is exposed to the internet.
CVE-2020-0611Remote Desktop Client Remote Code Execution VulnerabilityNo users are using the RDP client from that host.Highly privileged employees are using RDP from the system to access untrustworthy hosts or connecting to systems over an untrusted network.
CVE-2020-0612Windows Remote Desktop Gateway (RD Gateway) Denial of Service VulnerabilityThe system isn’t configured as an RD Gateway.System is an RD Gateway, is exposed to the internet, and is used by customers.
CVE-2020-0637Remote Desktop Web Access Information Disclosure VulnerabilityRD Web Access isn’t configured.System has RD Web Access configured, is exposed to the internet, and is used by customers.

You think, “Cr*p, we have a few public RD Gateway systems” and those first couple of vulnerabilities look really bad. You submit a ticket to the server team asking them to patch immediately.

Also, considering the these RDP client bugs, you remember you do have a number of domain admins that connect to our cloud using RDP.  You submit another ticket to the desktop team asking them to patch just the IT team’s systems by the end of the week.  The rest of the desktops can wait until the automated roll out later this month.  Finally, the RD Web Access doesn’t affect us, since we don’t have any configured that way.

You summarize your findings for the CIO, let him know the team is on top of the RDP issues, and relax. Then you remember there’s another 44 CVEs from Microsoft, 18 in Adobe Flash and Reader, and 316 from Oracle’s quarterly batch.  *sigh*

Survival Depends on Automated Analytics

You know your IT team is too overworked to patch every vulnerability quickly, particularly in high-availability environments. But performing detailed security analysis by hand to accurately narrow down that list just doesn’t scale– there are too many vulnerabilities being published each month and too few security analysts to keep up.

DeepSurface® continuously maintains a detailed threat model of your environment, identifying which vulnerabilities matter to your most critical assets. By checking configuration settings from dozens of sources, DeepSurface automatically eliminates false positives, non-exploitable issues, and issues that don’t pose a significant risk to your business. The tiny fraction of vulnerabilities that remain are concisely prioritized and presented with detailed evidence as to why they should be addressed.

Key Features

  •    Analyzes all layers of your stack, including domain access, network connectivity, and database access rights
  •    Risk-ranked, actionable reports for common remediation tasks
  •    Sophisticated computational analysis that is surprisingly easy to understand
  •    Ability to adapt the threat model to your situation and augment it with the results of manual security tests
  •    Establish remediation plans that are supported by objective metrics
  •    Share compelling visualizations with stakeholders to help develop consensus

DeepSurface® is easy to install and configure. Our customer success staff are ready to set it up for you. Schedule a demo today.