You may have heard the recent hullabaloo about WinShock, the latest in a troubling series of hacks afflicting the modern IT environment. While WinShock isn’t as yet as scary as something like Heartbleed, you should still address it.
It’s another good reminder that regular patching, while it can be painful in short term, is essential to a healthy network: WinShock specifically enables hackers to remotely execute code on unpatched servers. (p.s. Look out for our upcoming post on patch management).
In the meantime, here’s what you should know when considering rolling out a WinShock patch.
Yes, You Really, Really Do Need to Patch for WinShock
As a general rule, implementing patches isn’t fun. It’s a time-consuming, disruptive process that sometimes might not even seem necessary. But you know what is even less fun? Getting hacked. In the case of the new WinShock vulnerability, the patch is definitely worth the effort. With Panorama9, you can even spare yourself the effort with an automatic fix.
Who is at risk?
Every device that operates on a Windows system is vulnerable to WinShock – not just servers. Every version of the operating system is susceptible.
Why is WinShock dangerous?
WinShock is an SChannel security flaw that opens devices up to remote code execution. There aren’t any known exploits yet, but there almost certainly will be in the near future. When that happens, it is likely that the hackers will target Internet-facing systems like servers running websites. If that were to happen, your server would be running at the mercy of the attacker.
The biggest threat to these systems will be if someone manages to create a worm that exploits the bug (no pun intended.) If that happens, the worm will spread extremely quickly and could potentially be very damaging. If you don’t have a patch in place, your system will be open to exploitation.
How Panorama9 can help you with the WinShock patch
If you enable the Panorama9 patch feature, it will automatically patch all of your computers and servers. P9 will run an audit of each device to see if it has been updated, and if it has not, it will perform the necessary updates for you. You can just sit back, relax, and know that your system is in good hands.