CU*NorthWest Response to Significant Microsoft Vulnerabilities

CU*NorthWest and network partners have been tracking two significant Microsoft vulnerabilities published this week and how to remediate them. Due to the scope and severity of the issues, the US government has taken the rare step of also publishing alerts for these vulnerabilities through US-CERT and the Department of Homeland Security.

About the Vulnerabilities:

  • The first vulnerability is related to how Microsoft Windows operating systems validate trust for certain operations related to encrypted connections or software installation. The vulnerability could allow built-in security protections to be bypassed or tricked by malicious actors. Microsoft has released updates to address this vulnerability.
  • The second affects Microsoft’s Remote Desktop software on Windows PCs as well as their Remote Desktop Gateway Server for Windows servers. Successful attacks against this Microsoft software could allow for arbitrary code execution. Microsoft has also released updates to address this vulnerability.

What is CU*NorthWest Doing?

Complete Care clients managed by CU*NorthWest should have already received our monthly patching notification that we will be applying updates to your network this week. These updates include fixes for these two vulnerabilities. Complete Care clients need to take no additional steps as they will get the updates automatically. As always, please continue to monitor your Monthly Patching Reports to ensure your network is fully up to date.

Non Complete Care clients should contact their network administrator to address these updates.

If you have questions, please contact CU*NorthWest at (866) 922-7646, option 2.