Hospitals with Microsoft Windows Operating Systems should apply the most recent security updates issued by the company as soon as possible, prioritizing mission critical systems, internet-facing systems, and networked servers. The Microsoft patch includes fixes that address 49 vulnerabilities, including critical weaknesses in the Windows Cryptographic Application Programming Interface and Windows Remote Desktop Protocol server and client. While there are no known exploits as of this release, an attacker could remotely exploit these vulnerabilities to decrypt, modify, or inject data into user connections. Such exploits would go largely undetected as they would appear to be cases of legitimate access to a network.
Also, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency issued an alert with additional detail about the security updates, vulnerabilities, a mitigation strategy, and a strong recommendation for users to apply the updates as soon as possible.