MAS advises financial institutions to patch Windows system after security flaw detected

MAS advises financial institutions to patch Windows system after security flaw detected

FILE PHOTO:  A Microsoft logo is seen in Los Angeles
FILE PHOTO: A Microsoft logo is seen in Los Angeles, California U.S. November 7, 2017. REUTERS/Lucy Nicholson/File Photo

SINGAPORE: The Monetary Authority of Singapore has advised financial institutions to install security updates after critical vulnerabilities were discovered in the Microsoft Windows Operating system. 

Microsoft had rolled out important security fixes earlier this week after a serious flaw was discovered in its operating system that would have allowed hackers to gain computer control of computer systems.

MAS said it issued an advisory on Wednesday (Jan 15) alerting financial institutions in Singapore.

“MAS had informed financial institutions using the affected Windows Operating Systems to take immediate action to install the relevant patches,” said the authority in a media release on Friday.

“Financial institutions should also take mitigating measures to prevent the vulnerabilities from being exploited.”

According to the Cyber Security Agency of Singapore (CSA), one of the security flaws allows hackers to forge digital certificates, used by Windows to authenticate data, to sign an executable file, making it appear to be from a trusted and legitimate source.

Another flaw exists in the Windows Remote Desktop Protocol, which would allow a pre-authenticated hacker to connect to a target system and gain control of it.

“MAS will continue working closely with financial institutions to monitor the cybersecurity developments and ensure that IT systems in the financial sector are safeguarded and remain resilient against cyber threats,” the authority said.

In 2017, thousands of computer systems around the world were hit by ransomware software WannaCry, which targeted computers running older versions of Windows to demand ransom payments in Bitcoin cryptocurrency.

Singapore was spared from the brunt of the global ransomware attack, which has been blamed on North Korean hackers by the United States.

Source: CNA/ec

Bookmark