This is a disturbing trend and something all organizations should take into consideration from a security procedures perspective.
The output of this study is intriguing and certainly reinforces the trend in application control, stateful application control, and file integrity monitoring solutions. Understanding application usage and behavior as well as privilege management are key to detecting and defending against malicious attack.
These are very important statistics to take into account when planning defensive strategies to mitigate risks to your organization. Budgets are certainly finite, so applying funds to defend high risk situations is a prudent approach.
I must admit that I am absolutely infuriated at the US Navy for putting itself in a situation to have to rely on Windows XP for critical systems. Everyone, and I do mean everyone, had plenty of warning to upgrade and migrate. This speaks directly to the bureaucracy and narrow mindedness associated with so many of our government’s programs and processes. This is why systems are so vulnerable and susceptible to compromise.
Everyone should take heed. This is an example of what not to do. This is how systems get compromised and infrastructure breaks down. Proper life cycle management can prevent this type of issue from happening to any organization.
Please patch accordingly. As Krebs is reporting, this vulnerability is being actively attacked in the wild.
This is a strong summary of the pitfalls associated with continuing to run Windows Server 2003 after the July deadline. Upgrading is an absolute necessity from a security and/or compliance perspective.
This is a painful truth that frankly applies to many free services provided via the Internet. That said, there are still good guys online providing free services. Simply be diligent in your investigations and check before you click.
It is great to see that Samsung has responded to this threat and pressed forward a patch in relatively quick order.
The size and scale of this particular vulnerability is not yet completely clear. I would imagine a keychain patch is forthcoming.