Microsoft: Control System Warning

Friday, February 13, 2015 @ 05:02 PM gHale

Microsoft issued a warning for a Windows vulnerability that affects control system owners using a domain-configured system, according to a report from ICS-CERT.

Exploitation of this vulnerability could allow a remote attacker to take complete control of an affected Windows system.

This security update is critical for all supported editions of Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. For more information, see the Affected Software section of the Microsoft security bulletin.

Deploying this security update is not enough on its own: to protect against the vulnerability, a system administrator must also apply additional configuration. No updates are available for Windows XP, Windows Server 2003, or Windows 2000.

ICS-CERT said control systems owners should perform proper impact analysis and risk assessment prior to taking defensive measures.

Through remote code execution, an attacker could take complete control of an affected system. An attacker could then install programs, view, change, or delete data, or create new accounts with full user rights.

Control systems that are members of a corporate Active Directory may be at risk. ICS-CERT is monitoring this vulnerability and will provide additional information related to control systems as it becomes available.

This vulnerability impacts core components of the Microsoft Windows operating system. All computers and devices that are members of a corporate Active Directory may be at risk. The vulnerability is remotely exploitable and may grant the attacker administrator-level privileges on the target machine or device. Roaming machines and Active Directory member devices that connect to corporate networks via the public Internet (possibly over a Virtual Private Network [VPN]) are at heightened risk.

The Microsoft security update contains a new policy feature (UNC Hardened Access) that is not enabled by default. To enable this feature, a system administrator must deploy the update and then apply the Group Policy settings described in the bulletin. For complete protection against this vulnerability, systems must also be rebooted.

There are currently no known workarounds or mitigations for this vulnerability.

ICS-CERT strongly recommends that administrators prioritize the review of the Security Bulletin, test the necessary configuration changes discussed in the associated Knowledge Base article (KB3000483), and apply the patch.


