IT Maintenance is something many people ignore or put off. Even some IT people put it off, believe it nor not! In the past, updates could cause more harm than good and because of this people started to ignore them all together. Bad idea! This now can cause major repercussions you want to avoid.
Why is it so important now you might ask?
Well, for one, if your computer starts acting funny, running updates can help remedy the problem. For example, if your WiFi keeps dropping on your laptop, 90% of the time a Windows update will fix the issue. And two, as an IT professional who has seen a lot of computer issues over the years, one of the things that always surprises me is how often servers are not updated with the latest security protections.
I know it is a hassle to have to do updates after hours when no one is in the office or on the network, but I cannot stress enough how important it is.
Recently, a huge vulnerability was detected that affects business of all sizes that run Windows Servers in their environments:
EMERGENCY SECURITY DIRECTIVE!
On September 18th, 2020, the U.S. Department of Homeland Security – Cybersecurity and Infrastructure Security Agency (CISA), issued an emergency directive to all federal agencies to immediately apply Microsoft’s August 2020 Security Update (CVE-2020-1472) to all Windows Servers that are domain controllers. This threat is serious enough that if a domain controller cannot be updated, they further directed that it must be removed from the network.
This vulnerability has received Microsoft’s highest severity rating – 10 – but they didn’t publish the details of its impact. However, on September 11th, 2020, the Dutch security firm Secura BV published a report with these details:
This vulnerability affects Windows Domain Controllers which act as the security gateway to network resources such as your shared file system. The cryptographic authentication process used by all Windows domain controllers contains the vulnerability which can be used to change computer passwords.
In a nutshell...
In a nutshell, this means that a cybercriminal can gain administrative access to your systems with the click of the mouse. All that is required is for them to gain access to one device on your network. From there, he or she can gain administrative access to every computer on the network and all the data they house.
If the agency in charge of securing our nation’s technical infrastructure is advising all federal agencies to apply this update, then everyone should.
This is a two-part phase and the other phase of the update will not be released until 2021 to give developers time to update their codes for software applications.