Intelligent CIO Europe Issue 61 | Page 21




Microsoft Windows Servers have been the fundamental basis of small and large business networks since the early 2000s , and for many companies , servers are their lifeblood .
Servers are often the only entry point from the outside world . Workstations seldom require external ports to be open and most always use local firewalls to block inbound traffic . The nature of a server is to serve , and therefore , the Server Firewall is often disabled , or ports opened to allow necessary traffic . Whether you are running an in-house Exchange Server , Remote Desktop Server , File Server , Remote Management and Monitoring Server , or a Custom Application Server , you expose the server itself and your business to the risks of a vulnerability being exploited by attackers .
In 2017 , EternalBlue , a computer exploit developed by the US National Security Agency ( NSA ), was leaked by the hacker group Shadow Brokers . Although Microsoft released a patch for the vulnerability , later that same year the WannaCry Ransomware used the exploit to infect unpatched machines and using servers to push malware to entire organizations . The EternalBlue vulnerability was in the Windows RPC stack , and while RPC is not likely to be an open port on the public network , it is a port that is open to enable file sharing . This allowed attackers to gain access to the server by infecting one workstation on the local network . The attackers gained access to a workstation through various sources including poor personal firewall management and a user opening a Microsoft Office document that contained malware . p
Download whitepaper here
www . intelligentcio . com INTELLIGENTCIO EUROPE 21