Windows 7 Security Patch

Microsoft has released a patch that remedies a serious security flaw in Windows 7 (and older) PCs. Windows 8 and newer PCs are not affected. The IT department has pushed this security patch to all SPH-owned PCs running Windows 7. A reboot is required for the patch to take effect. Please reboot your Windows 7 PC at your earliest convenience to enable this security patch.

Please contact our IT Helpdesk at (617) 432-4357 or email helpdesk@hsph.harvard.edu for any questions or concerns you may have regarding this information.

Below is a message from Christian Hamer, Harvard’s Chief Information Security Officer.

——————-
All,

There is an URGENT NEED TO PATCH WINDOWS DESKTOPS* AND SERVERS* IMMEDIATELY AND NO LATER THAN FRIDAY, MAY 17.
(*operating systems impacted are Windows XP and Windows 7 desktops and Windows Server 2003 and 2008)

You may be aware that Microsoft released critical patches for their older and even some of their unsupported desktop and server operating systems today (5/14/19) and has issued a warning that these vulnerabilities could lead to a “worm” that spreads programmatically across an entire vulnerable environment. More information is available at: https://blogs.technet.microsoft.com/msrc/2019/05/14/prevent-a-worm-by-updating-remote-desktop-services-cve-2019-0708/
and:
https://krebsonsecurity.com/2019/05/microsoft-patches-wormable-flaw-in-windows-xp-7-and-windows-2003/

There are some indications that proof-of-concept exploit code already exists. Because of the criticality of the issue, the likelihood that exploits will be automated, and the potential that this may happen very soon, IT IS CRITICAL THAT YOU APPLY THESE PATCHES AS SOON AS POSSIBLE! We strongly recommend that you complete patching in your environment NO LATER THAN FRIDAY, MAY 17.

Further information about the patches from Microsoft is available at:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708
For Windows 7 and Server 2008, and:
https://support.microsoft.com/en-us/help/4500705/customer-guidance-for-cve-2019-0708
For Windows XP and Server 2003.

-Christian

————————————————————
Christian Hamer
Chief Information Security Officer
HUIT Information Security
784 Memorial Drive, Cambridge, MA 02139
T (617) 384-6537 | M (617) 645-1127