https://www.lemagit.fr/actualites/366641662/OpenText-arrive-sur-S3NS
FR-EN #CyberSecurity #Security #InfoSec #CeptBiro #ISO #Risk #VulnerabilityManagement #Audit Working @CeptBiro http://ht.ly/upc7307EQhA - Posts are my own

Cybercriminals are increasingly turning to tools that already live inside Windows to carry out attacks — and MSBuild.exe has become one of their favorites. This Microsoft-signed build utility, trusted by the operating system itself, is now being weaponized to run malicious code without ever dropping a traditional executable file on the disk. MSBuild.exe was originally […]

Santé Québec plans to launch a pilot project next month to test the Dossier santé numérique (digital health record), which will eventually bring together online the medical records of all patients. Gilles Bélanger, the minister of cybersecurity and digital technology, told Radio-Canada that Quebecers' health data was "not at all" […]

France Launches Government Linux Desktop Plan as Windows Exit Begins
https://linuxiac.com/france-launches-government-linux-desktop-plan-as-windows-exit-begins/
#Infosec #Security #Cybersecurity #CeptBiro #France #Government #LinuxDesktop #Windows
Control measures
- Logging, monitor Delivery Optimization traffic
- Segmentation, block between sensitive zones
- Endpoint security, validate integrity via EDR (Trellix in your case)
Therefore, allowed only on a controlled internal network
- Prohibited via the Internet
- Must be governed (GPO, firewall, monitoring)
😉
My recommendations:
- Enable ONLY on the LAN
- Disable sharing via the Internet
- Restrict via GPO, Local Network Only mode
- Control via firewall (DO ports)
- Limit bandwidth (QoS / policy)
Data integrity:
- Updates are signed (Microsoft)
- Robust cryptographic validation
Risks are low (strong control)
Organizational disruptions:
- Difficulty with control / visibility
- Increased network complexity without governance
Risks are moderate
Therefore, the real challenges are:
- Increased network surface area
- Lack of traffic control
- Uncontrolled Internet usage
- Impact on network performance
To be continued
Impersonation, unlikely directly BUT a compromised device can act as a “legitimate” peer
Risks are indirect
Increased exposure to threats:
- P2P enabled, increased network surface area
- Especially if the “Internet” option is enabled
Risks are moderate to high (depending on configuration)
Availability, consumption of:
- Bandwidth
- CPU / disk
- May impact critical workstations or sensitive networks
Risks are moderate (especially in restricted networks)
To be continued
Data exfiltration, not designed for exfiltration, BUT:
- Additional network channel exploitable in the event of a compromise
- Can be hijacked to mask traffic
Risks are low to moderate (pivoting possible)
Logical attacks, theoretical risk:
- Injection of malicious packets
- Man-in-the-Middle attack (mitigated by Microsoft signature)
Risks are low (strong Microsoft integrity checks), but not zero
To be continued