Industrial Control Systems at risk

Industrial Control Systems at risk
Industrial Control Systems at risk from new Remote Desktop Services vulnerability

Today Microsoft took the unusual step of releasing security updates for Windows XP, Windows 7 as well as Windows Server 2003 and 2008 to address a serious security issue with Remote Desktop Services.  This vulnerability can be executed remotely and with no user interaction.  The advice from Microsoft is:

"If you are on an out-of-support version, the best way to address this vulnerability is to upgrade to the latest version of Windows. Even so, we are making fixes available for these out-of-support versions of Windows"

In 2017, a very similar vulnerability was exploited by the WannaCry worm which infected hundreds of thousands of machines shutting down several hospitals in the UK as well as Telefonica and other high profile companies.

Industrial Control Systems are particularly vulnerable to these threats because they often have remote desktop services enabled, are often running obsolete versions of windows, may not have regular backups taken and are not regularly patched because in a lot of cases they don't have direct internet access.  Some people believe that because a server or PC is not directly connected to the internet, that it is not at risk, however worms like WannaCry are able to quickly jump from machine to machine inside networks, so all it takes is for a user somewhere on the network to be infected and your plant floor systems can be taken down.

If you are concerned about the risk to your business please contact Crossmuller for a no obligation assessment of your control system and automation infrastructure.

You might also like these articles

CSIA Certified
CSIA Certified
4 minute read
Crossmuller Recently Passed an External Audit to Become CSIA Certified
Retail Meat Packing Facility Commissioning
Retail Meat Packing Facility Commissioning
3 minute read
Crossmuller was contracted by a leader in the Food Retail Industry to assist commissioning one of Australia’s largest fully automated meat packing facilities.
Crossmuller a founding member of the Wonderware Model Driven MES competency program
Crossmuller a founding member of the Wonderware Model Driven MES competency program
1 minute read
Achieving low cost multi site ownership with a model driven MES