On Tuesday, Microsoft announced vulnerabilities in virtually all current Microsoft operating systems, from Windows 7 SP1 through the latest Windows 10, and also from Server 2008 R2 through the latest Server 2019. These are known as CVE-2019-1181 and CVE-2019-1182. So far, no known exploits have been detected, but with the announcement, it is important to begin preparations immediately. Those patches are available now through Microsoft.
These vulnerabilities permit remote code execution, which means they can be activated without any action on the part of the user, and even without a user logged in. As a result, these have the ability to spread rapidly through networks containing unprotected systems.
CSG’s automated update mechanism provides for applying patches as they come out and are approved for distribution, typically weekly or monthly and after hours. In this case, we recommend permitting us to push these updates immediately, which may require reboots of servers and desktops. It is likely that safeguards like Antivirus and email filtering will provide some protection once the first exploit is captured, but that has not yet occurred.
Please let us know if we can begin applying these updates to your systems, and reach out if you have any questions. We will reach out with schedules once we have your replies.
If you wish to manually apply the updates to your own desktop or laptop, feel free to proceed. If you run into difficulties with that, please open a ticket with our help desk at 877 895 2525.