How You Can Protect Your Business Against Critical Vulnerabilities in Operating Systems or Software

A successful cyberattack is always a nightmare for those affected - regardless of whether it’s an IT service provider or company. This is especially true if the attack did not take place via an email virus or a system attack, but through a weak point in the operating system or software used. This isn’t an outlandish scenario, as the security holes for which Microsoft released patches at the beginning of May 2021 show.

Vulnerabilities in Operating Systems or Software

Microsoft regularly provides patches to close security gaps in programs, applications and operating systems. However, some of these gaps can be so critical that they open up opportunities for cyber criminals to attack an operating system and even infect an entire network. In the worst-case scenario, exploit code may even be circulating before Microsoft provides a corresponding patch to fix the vulnerability. The latest Windows security gaps show that such a case is not that far-fetched.

A Malicious Code Gap in Windows Threatens Entire Networks

In July 2021, exploit code was in circulation that exploited a vulnerability in many versions of Windows. Various security researchers were able to attack fully patched Windows Server 2019 systems and execute malicious code with system rights. In the worst case, such an attack could happen on a domain server, which would then allow attackers to spread across the network and infect other computers. The vulnerability is in the RpcAddPrinterDriverEx() function of the Windows print spooler service and affects all versions from Windows 7 SP1 to Server 2019.

The good news for administrators: systems can be protected against an attack by deactivating the print spooler service. This current example shows very well that not only external attacks, but also attacks via security gaps in operating systems, software or protocols, can become a major problem. Such security gaps also existed in May 2021.
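One way to apply the mitigation described above, shown as an added example that is not part of the original article: a PowerShell function that reports whether the print spooler is running or startable on the local machine and, on request, stops and disables it. The function name, the -Disable switch and the "Exposed" field are names chosen for this example, and the domain server mentioned above is assumed to mean a domain controller.

```powershell
# Added example (not from the original article).
# Reports the state of the Print Spooler service on the local machine and,
# with -Disable, stops it and sets its startup type to Disabled.
# Changing the service requires an elevated (administrator) session.
function Set-SpoolerMitigation {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [switch]$Disable   # hypothetical switch name chosen for this example
    )

    $svc = Get-Service -Name Spooler -ErrorAction Stop

    # Win32_ComputerSystem.DomainRole: 4 = backup DC, 5 = primary DC.
    # Assumption: the "domain server" in the article is a domain controller.
    $role = (Get-CimInstance -ClassName Win32_ComputerSystem).DomainRole
    $isDc = $role -in 4, 5

    if ($Disable) {
        if ($svc.Status -ne 'Stopped' -and
            $PSCmdlet.ShouldProcess('Spooler', 'Stop service')) {
            Stop-Service -Name Spooler -Force
        }
        if ($PSCmdlet.ShouldProcess('Spooler', 'Set startup type to Disabled')) {
            Set-Service -Name Spooler -StartupType Disabled
        }
    }

    # Re-read the state so the report reflects what is true after any change.
    $svc = Get-Service -Name Spooler
    $cim = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"

    [pscustomobject]@{
        Computer           = $env:COMPUTERNAME
        IsDomainController = $isDc
        Status             = $svc.Status
        StartMode          = $cim.StartMode   # Auto, Manual or Disabled
        # "Exposed" is this example's own label: the service is running
        # or could still be started again.
        Exposed            = ($svc.Status -eq 'Running' -or
                              $cim.StartMode -ne 'Disabled')
    }
}

# Audit only: changes nothing, just reports the current state.
Set-SpoolerMitigation

# Apply the mitigation (preview first with -WhatIf):
# Set-SpoolerMitigation -Disable -WhatIf
# Set-SpoolerMitigation -Disable
```

Disabling the spooler also stops printing on and through that machine, so it fits best on servers that do not need to print, with the domain controllers handled first.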

When a Trojan Virus Sneaks In Through a Hole in the System

A month before that there was another critical vulnerability (CVE-2021-31166) in the HTTP protocol stack (http.sys). Attackers could use it to remotely execute malicious code with kernel rights, i.e. in the central component of the operating system. All that is required is to send a specially crafted packet to the affected server. The Trojan could then spread like a worm through networks and infect several computers. Windows 10 can also be affected by the vulnerability if the operating system is configured as a web server.

The second critical vulnerability (CVE-2021-28476), on the other hand, concerns Hyper-V, which is used, among other things, to virtualize environments. It can virtualize smaller environments as well as entire data centres and also carry out the complete network configuration without third-party tools. The security gap could allow attackers to crash the host, which in turn leads to a “Denial-of-Service” (DoS). When an attack like this occurs, requested services are no longer available or only available to a very limited extent.

Well Protected Against Cyber Damage with Professional Indemnity Add-On

But what happens if such an attack occurs in one of your customers’ networks? Who pays for such incalculable risks if the weak point that made the hacker attack or DoS attack possible in the first place came from the operating system itself? exali.com offers First-Party Cyber and Data Risks Insurance (FPC) as an add-on to its Professional Indemnity Insurance for precisely such cases. The insurance covers first-party claims related to hacker attacks, DoS attacks, cyber extortion, computer abuse through malware and ransomware, theft of data carriers and any other data infringement.

In the event of a successful attack through a Microsoft vulnerability, the resulting damage would be insured. The special thing about the add-on is that it assumes the costs and crisis management, including, for example, hiring of computer forensics specialist teams and consultants to inform data owners, reimbursement of damages and rewards in the event of extortion or fees when specialised lawyers need to be hired.