As you may know, there were multiple major security vulnerabilities announced yesterday. One specifically related to the WPA2 WiFi Security Protocol dubbed “KRACK” and another related to Adobe Flash. What happened and how can you protect your environment from the KRACK & Adobe Flash vulnerabilities? Below is what we shared with our current Managed Services customers, but even if you work with another provider or handle all of your IT system monitoring and management yourself, this may be helpful toward further understanding your risks and how to protect your environment.
WPA2 “KRACK” Vulnerability
What is it?: A critical vulnerability in the WiFi Protected Access II (WPA2) protocol which could allow someone within range of your wireless network to gain unauthorized access to traffic over that connection.
This vulnerability applies to any device that utilizes the WPA2 protocol to establish secure connections, including Wireless Access Points, Endpoints (laptops, desktops), and Mobile Devices.
Microsoft has already released a patch and it is included in the October Security Rollup. For customers currently enrolled in our desktop patching program, this roll-up has been approved for immediate install. For customers enrolled in our Server patching program, we will apply the October Security Rollup per the normal patching schedule as servers typically will not have WiFi enabled.
Further – some recommendations for your end users:
- Avoid public WiFi (such as coffee shops, hotels, etc.)
- When connected to WiFi, try to limit browsing to HTTPS sites
- Consider using a VPN which will encrypt traffic end-to-end
While patching your endpoints will substantially mitigate the vulnerability, GreenPages will be watching for upcoming available patches and updates for the network devices in your environment in the coming days and weeks and will work with you to apply those expeditiously.
More specific details on this WiFi vulnerability can be found here.
Adobe Flash Vulnerability:
Adobe released a security update for a vulnerability that was recently discovered that could lead to remote code execution.
- If you are currently enrolled in a 3rd party patching program that includes Adobe Flash, we have already approved this patch for deployment to your environment.
- If you are not enrolled, due to the risk potential for this vulnerability, it is highly recommended that you apply this patch to all devices in your environment.
The Adobe Flash Security Bulletin can be found here.
We’ll be writing a follow-up post next week about the KRACK & Adobe Flash vulnerabilities once the dust has settled to see how the industry has reacted and responded to these vulnerabilities so please check back then.
To learn more about GreenPages Server, Desktop, 3rd Party Patching, and Managed Services Programs, please call 800-989-2989 and we can set up a call to discuss.
By:
Jay Keating, VP Cloud & Managed Services
Aaron Boissonnault, Director, Hybrid Cloud Operations
Steve Stein, Director, Client Services