Many IT managers reached for aspirin on April 14, when major software and hardware vendors issued over 550 patches for products.
Adobe, Intel, Microsoft, Oracle, SAP and VMWare’s patches address a variety of security issues including several critical zero-day vulnerabilities.
Microsoft’s update addresses 19 critical, 96 Important, 5 moderate and 2 low-rated vulnerabilities.
Depending on the platform, nine of them may be categorized differently.
Microsoft Office accounted for 55 of the vulnerabilities patched – of which, 12 involved critical and important remote-code-execution flaws. Many other patches applied to Microsoft SharePoint servers, and blocked cross-site-scripting and privilege-elevation security vulnerabilities.
For those without automated patching processes, security updates can be downloaded from Microsoft directly.
Security researchers focused on the SMBGhost vulnerability (CVE-2020-0796), which could be exploited by sending specifically tailored data packets to a victim’s machine.
Proof-of-concept code was released on April 1, but so far, it has not been detected in actual use.
If the number of patches is too large for an organization, admins are advised to prioritize the following patches:
- Workstation-type device patches to fix CVE-2020-0968. A remote code exploit in Internet Explorer 11 and 9 is already in use by malicious actors, targeting the Scripting Engine, Adobe Font Manager Library, Media Foundation, Microsoft Graphics and Windows Codecs.
- The actively exploited privilege escalation vulnerability in the Windows Kernel for all Windows devices (CVE-2020-1027).
- SharePoint patches for SharePoint Servers covering remote code execution and cross-site scripting vulnerabilities.
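As an added illustration of the triage order above (example code, not from the original post), the following script ranks the patches each device still needs from a constructed inventory; it also applies the later point that remote devices deserve a bump. The CVE ids and "actively exploited" flags come from the post; the severity assigned to CVE-2020-1027 and the SharePoint fix, the scoring weights, the device list and the SharePoint placeholder id are assumptions.

```python
from dataclasses import dataclass

# Constructed inventory: CVE ids and "actively exploited" flags are from the
# post; the other severities, the weights and the devices are assumptions.
@dataclass(frozen=True)
class Vuln:
    cve: str
    severity: str          # "critical" | "important" | "moderate" | "low"
    exploited: bool        # seen in active attacks
    applies_to: frozenset  # device roles the patch is relevant to

SEVERITY_WEIGHT = {"critical": 4, "important": 3, "moderate": 2, "low": 1}
EXPLOITED_BONUS = 10  # in-the-wild exploitation outranks any severity label
REMOTE_BONUS = 2      # remote devices sit outside the corporate firewall

VULNS = [
    Vuln("CVE-2020-0968", "critical", True, frozenset({"workstation"})),
    Vuln("CVE-2020-1027", "important", True, frozenset({"workstation", "server", "sharepoint"})),
    Vuln("CVE-2020-0796", "critical", False, frozenset({"workstation", "server"})),
    # placeholder id: the post names SharePoint RCE/XSS fixes but gives no CVE
    Vuln("SHAREPOINT-PLACEHOLDER", "critical", False, frozenset({"sharepoint"})),
]

DEVICES = [  # constructed; "patched" lists fixes already installed
    {"name": "ws-01", "role": "workstation", "remote": True, "patched": set()},
    {"name": "ws-02", "role": "workstation", "remote": False, "patched": {"CVE-2020-0968"}},
    {"name": "sp-01", "role": "sharepoint", "remote": False, "patched": set()},
]

def score(vuln, device):
    """Higher means patch sooner; None means the patch is not needed here."""
    if device["role"] not in vuln.applies_to or vuln.cve in device["patched"]:
        return None
    s = SEVERITY_WEIGHT[vuln.severity]
    if vuln.exploited:
        s += EXPLOITED_BONUS
    if device["remote"]:
        s += REMOTE_BONUS
    return s

def prioritize(devices=DEVICES, vulns=VULNS):
    """Return (device, cve, score) triples, most urgent first."""
    plan = [(d["name"], v.cve, score(v, d))
            for d in devices for v in vulns if score(v, d) is not None]
    return sorted(plan, key=lambda t: (-t[2], t[0], t[1]))
```

On the constructed data, `prioritize()` puts the remote workstation's CVE-2020-0968 fix first and its kernel fix second, ahead of the on-site SharePoint server.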
Adobe & Oracle Vulnerabilities
Two of the vulnerabilities patched by Microsoft are critical remote-code execution flaws related to the Adobe Type Manager library.
When specially crafted multi-master fonts are previewed in the Windows preview pane, remote code execution can be triggered.
Fortunately, because these are Microsoft patches, most organizations will download and apply them quickly.
However, not all organizations apply the same urgency to vulnerabilities patched by vendors other than Microsoft. This could be a problem for marketing teams that use Adobe ColdFusion, Adobe After Effects, Adobe Digital Editions, and Oracle’s Java.
These tools, often used to create corporate websites and other marketing materials, may leave various organizations open to a variety of exploits.
Adobe’s fixes only account for five vulnerabilities, which include privilege escalation, system file structure disclosure, information disclosure, and application-level denial of service.
With such serious flaws, security teams will need to work with their users to make sure that affected software installations are updated on a timely basis.
Oracle fixes also must be considered – all 400 of them.
Marketing departments will probably be most concerned about updates for Java SE, but Oracle also released patches for MySQL, E-Business Suite, Oracle Banking Platform, and Fusion Middleware.
With such a wide variety of products and patches, IT managers may need to navigate conflicting priorities between departments and resources.
Intel, SAP & VMware
Intel published six advisories, SAP patched 33 flaws, and VMware fixed two issues.
As with most vulnerabilities, it is not necessarily the number of patches, but the severity of the vulnerability that takes priority.
Intel patched four medium and two high vulnerabilities for drivers, software and firmware.
The two high-severity flaws allow escalation of privilege and are found in system firmware for Intel NUC mini PCs and Intel Modular Server Compute Modules. Two of the medium vulnerabilities are found in the Intel PROSet/Wireless products on Windows 10.
Your asset management tracking system should recognize which devices in your organization have the relevant Intel software and firmware that require the patch. If not, verifying each remote endpoint may be a time-consuming process.
For organizations using SAP, identifying the platform running the software typically is not the biggest issue.
Instead, the systems will need to be tested to make sure the patches don’t break any of the SAP software customization completed for your organization.
SAP’s vulnerabilities range from medium to critical (a.k.a. Hot News) and address command injection, input validation, remote code execution, and other flaws.
These are significant flaws, so IT departments will be very busy testing and applying the patches.
VMware released a patch for its vRealize Log Insight covering one moderate and one important vulnerability. However, the company rated it a maximum criticality of 10.0.
Attackers can exploit this vulnerability to extract highly sensitive information in order to compromise vCenter Server or other services that authenticate with VMware Directory Service.
Fortunately, while this flaw is very important to fix immediately, it only affects vCenter Server 6.7 installations that were upgraded from a previous version.
Clean installations of vCenter Server 6.5, 6.7 or 7.0 are unaffected.
Remote Patching and Home Network Issues
As if the normal patching headache wasn’t enough, a huge portion of our workforce continues to work off site.
Our IT teams not only need to push out patches remotely, we also must ensure that all devices are sufficiently patched before they reconnect with the network.
While automation certainly helps for corporate devices, organizations allowing BYOD (Bring Your Own Device) during the coronavirus pandemic need to figure out ways to help users apply their own patches.
If that’s unreasonable for your team, the alternative is to somehow segregate those devices from the rest of the corporate environment.
In 2018, only 13% of corporations encouraged remote work.
By mid-March of this year, that number swelled to 45%. This huge surge in usage caught many IT teams by surprise, and they’ve likely struggled to keep up with the demand.
Normally, 48% of security teams patch local machines within three days, but only 42% of organizations can usually do so with remote users. With the swelling numbers of remote users, we can expect this number to drop further.
Then, when you add on a huge patching event, such as the one that occurred this month, the IT department can only scramble to catch up.
IT managers need to take a step back, and double-check priorities. Since many users are working remotely, certain patches that might have been ignored behind the corporate firewall might need immediate attention.
Recent research found that home networks were 3.5 times more likely to have at least one malware infection, and 7.5 times as likely to contain five or more types of malware, as a corporate environment.
Some malware, such as the Mirai botnet, is found 20 times more often in home environments.
Forty-five percent of organizations have one or more malware-infected devices connecting from a home network, and 25% of devices on home networks are exposed to the internet.
Although most of us were already concerned about home network exposure, having solid numbers is somehow more disturbing.
The Right Cybersecurity & IT Support
There are many tools and techniques available to protect your network from viruses and unpatched devices.
Network Access Quarantine Control screens devices and limits their access until issues are remedied. The risk of allowing connections can be mitigated by implementing Zero Trust frameworks, and by micro-segmenting the corporate network.
If you find your team struggling to catch up with the needs of patching or protecting your remote users, contact Ideal Integrations or Blue Bastion today!
We can help with patching, with detecting BYOD devices that are not up to corporate standards, and with setting up protection for your network. We can monitor your networks for attacks and remediate issues on your behalf.
Remediation from a breach or attack takes far more time and money than preparing for issues in advance. Let us help your team during these difficult times so little problems can’t become huge headaches.