HHS advises organizations to download latest Microsoft patches, warns of malware threat
State-sponsored hackers may be planning to exploit multiple Microsoft vulnerabilities to launch large-scale attacks against healthcare organizations, HHS warned in a June 15 email alert.
HHS’ warning is based on reports released June 13 by the United States Computer Emergency Readiness Team (US-CERT) and Microsoft. The Department of Homeland Security (DHS) and the FBI discovered evidence that Hidden Cobra, hackers allegedly sponsored by North Korea, created a malware variant, DeltaCharlie, to exploit vulnerabilities in Microsoft products, including Windows operating systems, according to the US-CERT alert. Hidden Cobra commonly targets older, unsupported Windows operating systems, Microsoft Silverlight, and Adobe Flash Player. US-CERT recommends that organizations update these applications or remove them. US-CERT also provides technical details, detection, and response information for DeltaCharlie.
Microsoft responded to information on the threat by releasing security patches for affected operating systems, including legacy operating systems. Affected systems include:
- Windows 10
- Windows 7
- Windows 8
- Windows 8.1
- Windows 8.1 RT
- Windows Server 2003
- Windows Server 2003 R2
- Windows Server 2008
- Windows Server 2008 R2
- Windows Server 2012
- Windows Server 2012 R2
- Windows Server 2016
- Windows Vista
- Windows XP