How can we reduce the risk of exploitation?
In general the advice remains the same for most businesses - make sure your systems and end-points are up to date with their patches and security products.
In this case there are some considerations with deployment that make this round of patching different from any other in the case of Microsoft OSes.
1. Your anti-virus product must be compatible and update/set an appropriate registry key – otherwise the update will not be offered automatically.
2. Post installation configuration changes are required to make full use of the protections available.
Due to the additional security measures performed by these updates – some systems will observe a loss in performance. This isn't guaranteed to be perceivable or be so great to the extent that it makes your existing applications unusable.
It is however worth preparing for this possibility and understand that an already highly utilised system is more likely to be impacted than those that a lightly used from a CPU point of view.
Also ensure that your backup software is working and in line with your recovery point and recovery time objectives. Perform test restores regularly. Review access to your backup storage and make sure this is sufficiently restricted.
Operating Systems and firmware that are out of support will likely not receive updates from Vendors.
These systems should be upgraded and replaced with supported alternatives – and their access restricted to what is necessary to operate where possible in the meantime.
For any further questions you might have, contact us.