Windows Source Code Leak Increases Risk

Created On 09/30/20 20:59 PM - Last Modified 07/19/22 23:19 PM


Objective


On September 24, 2020, source code for Windows XP and Windows Server 2003 was leaked on the file-sharing site Mega and on 4Chan, and possibly on other sites as well. Microsoft stopped providing regular security updates for Windows XP when it reached end of support in 2014, and for Windows Server 2003 in 2015, so any vulnerabilities discovered since then remain unaddressed (with the unusual exception of the out-of-band patches Microsoft issued in 2017 in response to the WannaCry attack). Although the leaked Windows XP source may have circulated privately for some time, this leak makes it broadly available for the first time. As a result, attackers can now read the code directly instead of reverse engineering binaries, so more people can find more exploitable bugs with less effort.

Environment


IoT Security

Procedure



Recommended Actions

There are still millions of computers that run Windows XP and Windows Server 2003, all of which are vulnerable to attack. Especially in the healthcare industry, a large number of medical IoT devices run on Windows XP. In anticipation of a potential wave of attacks, we advise increasing your defenses now. The following are our recommendations:
  • As much as possible, restrict systems running Windows XP or Windows Server 2003 from browsing the Internet and microsegment them from other network segments.
  • Implement Zero-trust policies to allow only required applications, sources, and destinations.
  • Enforce strong password policies on systems running Windows XP and Windows Server 2003.
  • Closely monitor incoming and outgoing traffic for unusual activity on ports for commonly used services that include but are not limited to the following:
    • SMB on UDP 137 and 138, and TCP 139 and 445
    • RDP on TCP 3389
    • SQL Server on TCP 1433
Note: Default port numbers are shown. If they’ve been changed, use the port numbers specific to your deployment.
  • Enable threat prevention technologies such as Palo Alto Networks Threat Prevention for devices running Windows XP, and consider doing so for later Windows versions as well, since they likely still share code with Windows XP.
  • Implement or enforce an incident-response policy that quickly disconnects a suspicious or compromised machine from the network.
  • Implement or enforce cloud or offline backups for the machines running Windows XP or Windows Server 2003. Keeping a copy of the data in the cloud or on an offline server that the legacy host cannot write to is a safety precaution in case your organization ever gets hit with ransomware.
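The following is an added example, not part of this article or of any Palo Alto Networks product, showing how the segmentation, allow-list and port-monitoring recommendations above can be checked against flow records. The legacy host addresses, the allow-list and the sample flow log lines are all constructed for illustration; in a real deployment the allow-list is your firewall security policy and the script would read exported traffic logs instead of the embedded sample.

```python
"""
Audit flow records involving legacy Windows XP / Server 2003 hosts:
flag any flow that is not on the zero-trust allow-list, and tag it when
it is Internet egress or touches one of the services the article lists
(SMB, RDP, SQL Server). Hosts, allow-list and log lines are constructed.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Default ports of the services the article recommends watching.
WATCHED_PORTS = {
    ("udp", 137): "SMB/NetBIOS-NS",
    ("udp", 138): "SMB/NetBIOS-DGM",
    ("tcp", 139): "SMB/NetBIOS-SSN",
    ("tcp", 445): "SMB",
    ("tcp", 3389): "RDP",
    ("tcp", 1433): "SQL Server",
}

RFC1918 = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"),
           ip_network("192.168.0.0/16")]

# Constructed: the legacy hosts, microsegmented into their own /24.
LEGACY_HOSTS = {ip_address("10.50.0.11"), ip_address("10.50.0.12")}

# Constructed zero-trust allow-list: (src, dst, proto, dport). Everything
# else involving a legacy host is denied by default.
ALLOW = {
    ("10.20.0.5", "10.50.0.11", "tcp", 3389),   # admin jump host -> XP via RDP
    ("10.50.0.12", "10.20.0.40", "tcp", 1433),  # medical device -> DB server
}


@dataclass(frozen=True)
class Finding:
    src: str
    dst: str
    service: str
    reasons: tuple


def is_internet(addr) -> bool:
    """True if the address is outside the RFC 1918 private ranges."""
    return not any(addr in net for net in RFC1918)


def evaluate(src, dst, proto, dport):
    """Return a Finding for a policy violation, or None if the flow is fine."""
    s, d = ip_address(src), ip_address(dst)
    if s not in LEGACY_HOSTS and d not in LEGACY_HOSTS:
        return None                      # no legacy host involved
    if (src, dst, proto, dport) in ALLOW:
        return None                      # explicitly permitted
    reasons = ["not-on-allow-list"]
    if s in LEGACY_HOSTS and is_internet(d):
        reasons.append("internet-egress")   # legacy host browsing out
    if (proto, dport) in WATCHED_PORTS:
        reasons.append("watched-service")   # SMB / RDP / SQL Server
    service = WATCHED_PORTS.get((proto, dport), f"{proto}/{dport}")
    return Finding(src, dst, service, tuple(reasons))


def parse_line(line):
    """Constructed log format: <timestamp> <src> <dst> <proto> <dport>."""
    _ts, src, dst, proto, dport = line.split()
    return src, dst, proto.lower(), int(dport)


def scan(lines):
    """Evaluate every non-blank, non-comment line; return the findings."""
    findings = []
    for line in lines:
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        finding = evaluate(*parse_line(line))
        if finding is not None:
            findings.append(finding)
    return findings


# Constructed sample flow log.
SAMPLE_LOG = """\
# timestamp            src          dst           proto dport
2020-09-30T21:00:01Z 10.20.0.5    10.50.0.11    tcp   3389
2020-09-30T21:00:02Z 10.50.0.12   10.20.0.40    tcp   1433
2020-09-30T21:00:03Z 10.50.0.11   203.0.113.7   tcp   443
2020-09-30T21:00:04Z 10.30.0.77   10.50.0.12    tcp   445
2020-09-30T21:00:05Z 10.30.0.77   10.50.0.12    udp   137
2020-09-30T21:00:06Z 10.20.0.5    10.20.0.40    tcp   445
2020-09-30T21:00:07Z 10.50.0.11   10.20.0.50    tcp   8080
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG.splitlines()):
        print(f"{f.src} -> {f.dst} [{f.service}]: {', '.join(f.reasons)}")
```

Of the seven sample flows, the two on the allow-list and the one between non-legacy hosts pass; the remaining four are reported, with the Internet-bound HTTPS flow from an XP host and the unapproved SMB and NetBIOS connections to the other XP host tagged accordingly. The script is deliberately default-deny for legacy hosts, which is the zero-trust stance the recommendations describe.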

