Ah yes, a new year.
Full of opportunity, potential, and unfortunately, new vulnerabilities & patches.
With twice the typical volume of patches to address as normal for January, expect your IT team to stay busy.
Every day that goes by without addressing these patches is a day you stay vulnerable to attack.
Third-party Overlooked Patches
Just recently, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) revealed the top vulnerabilities exploited within the federal government.
The big surprise?
Some exploited flaws were identified over five years ago.
How can so many vulnerabilities remain unaddressed?
Well, this CISA list includes a host of 3rd party tools, such as Elastic Kibana (2013 and 2019 flaws), Fortinet FortiOS (2018 flaws), and IBM WebSphere Application Server (2015 flaw).
When you rely on automatic patch updates, it’s easy to forget that 3rd party tools often lie outside of the usual processes.
Without digging deep through your systems, you might not even be aware these tools are on your system – let alone maintain their updates.
Looking at it from that perspective, its’ easy to see how problems can be overlooked.
Even when you address vulnerabilities on time, things can go wrong.
If you’ve ever applied an update only to find out it crashes your system, you’re not alone.
For instance, among the current Microsoft updates, several flaws are causing critical failures:
- Windows Server Update flaws lead to spontaneous reboots of domain controllers, inability to start Hyper-V, and inaccessible Resilient File Systems (ReFS).
- Windows 10 and Windows 11 Update flaws break L2TP VPN connections.
To recover these systems, you need to undo the patches, although this re-exposes your systems to vulnerabilities. Unfortunately, this month’s vulnerabilities are significant, including:
- 41 elevation of privilege vulnerabilities
- 29 remote code execution vulnerabilities
- 9 security feature bypass vulnerabilities
- 9 denial of service vulnerabilities
- 6 information disclosure vulnerabilities
- 3 spoofing vulnerabilities
The most serious issue you’ll need to address is CVE-2022-21907, a critical remote code execution flaw in the HTTP Protocol stack. It affects affect Windows 10, Windows 11, Sever 2019 and Server 2022.
This critical flaw doesn’t even require human interaction. As a result, it remains exposed to worms and other propagating code attacks.
When Microsoft exposed a similar vulnerability in May 2021, attackers released exploit code in less than a week.
As you can see, attackers move quickly in the world of cyberattacks. So, what can you do in this case?
To mitigate the issue, Microsoft notes that the EnableTrailerSupport Windows registry value can be modified in Windows Server 2019 and Windows 10. Additionally, your IT Admins can check if machines remain exposed by using the Powershell command.
To determine if you’re systems are vulnerable, use the following PowerShell query to check the registry values:
Get-ItemProperty “HKLM:\System\CurrentControlSet\Services\HTTP\Parameters” | Select-Object EnableTrailerSupport
Other applications may also use “http.sys,” such as Microsoft’s Internet Information Service, Windows Remote Management, and Web Services for Devices. Your administrators can check for those processes by using the “netsh” command:
netsh http show servicestate
Another workaround here is to change firewall settings to block HTTP requests with trailers, at least until all systems can be patched.
Of course, this is just one of many vulnerabilities, with each requiring a separate procedure to resolve.
Thankfully, most of the other flaws aren’t as serious, and don’t require the same urgency to address.
Tracking Open Vulnerabilities
So, how do you avoid overlooking patches and updates for your business?
It’s all about the right system management policy. As difficult as it sounds, it’s important to track your assets (hardware, firmware, software), and stay current with their patches.
When put into practice, these policies guide your IT team, helping them determine how each vulnerability should be addressed, track the solution (patch or workaround), and test the result.
While specialized IT tools provide the best solution for vulnerability tracking, remember that even a shared Excel spreadsheet beats no plan at all.
However, never assume your IT team is aware of all systems and software. Occasionally perform audits on your systems, detecting and detailing the components.
Vulnerability Mitigation Assistance
Many companies outsource their operating system patching.
However, not every organization ensures that this extends to networking equipment, firmware updates, and third-party software.
And, even fewer organizations keep an updated list of assets & a vulnerability management program, let alone manage needed mitigations.
With all of the issues facing your organization today, make sure you stay on top of problems as soon as they’re discover.
If you’re looking for a little help, Ideal Integrations and Blue Bastion provide a full spectrum of outsourcing assistance from patching to designing, implementing, and testing solutions for organizations just like yours.
For more information, contact us at 412-349-6680 or fill out the form below and receive a no-obligation consultation on how we can help audit, update, and protect your organization today!