It seems as though nearly every day, new discoveries are made regarding software security issues.
Sometimes they’re discovered by researchers, sometimes by hackers.
But regardless of how they’re detected, what’s important is how you respond. As these issues are addressed, companies correct the flaws and issue updates and patches.
And, although many programs automatically update themselves, it’s crucial that you check and make sure they’re current.
The month of September was no different, with a host of patches and updates being released.
Here are some of the most important updates and patches you’ll need to verify.
An Urgent Apple Update
On Sept. 13, Apple issued an urgent security update.
Two vulnerabilities allow unauthorized commands to run if a file or website is opened on Macs, iPhones, iPads and iPods. But these vulnerabilities are even scarier than most; users don’t even have to click a link or a button – malicious content can simply run.
So far, only NSO Group’s Pegasus spyware actively exploited these vulnerabilities, but you can expect other bad actors to reverse engineer the patch to develop more widespread attacks.
Although Apple’s software tends to update automatically, you’ll still want to double-check your systems to make sure the upgrade is complete.
This patch for mobile devices highlights the ongoing shift from PCs within your networks to roaming mobile devices.
As this trend continues, you need to expand the scope of your patching and monitoring to include these devices.
Microsoft Updates – Is PrintNightmare Finally Over?
Even as the trend shifts to mobile, Microsoft updates remain as important as ever.
In mid-September, Microsoft patched 66 vulnerabilities in Windows, Azure, Office, SharePoint Server, the Edge browser, and more.
Two of the vulnerabilities were previously known, including one being actively exploited through ActiveX controls. Microsoft also released patches designed to fix the last of the remaining PrintNightmare vulnerabilities, which were exposed as early as June.
If you can’t immediately patch, Microsoft has issued mitigation steps for some attacks.
However, researchers warn that some of these mitigations can be bypassed. For example, the ActiveX exploit can be modified to use RTF files, which bypass Office's security measures, or to use delivery methods other than ActiveX.
Patches and Updates for Google, Adobe & More
Google Chromebooks, widely used in classrooms nationwide, suffered black-screen crashes for as many as 80% of users when they tried to log into their ChromeOS accounts.
Google performed a server-side fix that should eliminate the problem. However, if you’re still experiencing issues, they advise you to reach out to their support for assistance.
Experts note that you might be able to roll back the Chrome OS using a USB, or even reset the Chromebook to factory settings.
However, they also caution that this approach wipes out all existing files on the device, and it might require a network administrator to perform the reset, especially in schools.
Google also issued an update to fix nine vulnerabilities including the 10th zero-day vulnerability found in Google Chrome this year.
While this flaw generally only causes browser crashes, attackers can also use it to perform remote code execution or to evade sandboxes.
You’ll need to actively check your systems and remind users to close the browser so the update can be installed. Users often leave computers turned on with their browsers open simply for convenience.
However, with this convenience comes increased risk.
Adobe, Cisco, and SAP also issued security updates last week to address a number of vulnerabilities. Notably, Adobe’s update corrects 59 bugs affecting Photoshop and the ever-present Adobe Acrobat Reader.
Keep in mind that software updates aren’t always automatic or covered by existing patching servicing contracts.
You’ll need to inventory the software in use and double-check that security updates have been applied throughout your entire organization.
Patching Cautions and Solutions
Even though patching weaknesses like these is important, you’ll need to apply the patches with caution.
Applied patches and updates can affect the performance of legacy systems, or even break them in worst-case scenarios. Before applying patches, verify you have backups in place – just in case the systems need to be rolled back to earlier states.
In other cases, a patch might not be suitable to apply. In those situations, experts will need to evaluate which mitigation steps to take, such as hosting the software in virtualized containers or isolating it on the network, and when additional measures are needed.
The goal of IT is to use technology to enable your business to maximize efficiency and deliver value.
Part of that responsibility is making sure your systems are up-to-date with all the necessary patches and updates needed to stay secure.
Whether you’re running systems from Apple, Microsoft, or anything in between, staying current is one of the best ways to keep your systems safe.
Make sure you’re checking your systems regularly to ensure the safest experience possible.
And, if your IT team struggles to keep up with regular patching or monitoring software installations, then perhaps you might need to consider outsourcing these responsibilities.
Ideal Integrations provides a wide range of outsourcing options, such as patching services, network monitoring, and IT design services.
To explore how we can help unlock time for your team, call us at 412-349-6680 or fill out the form below for a free consultation.