
November Security Patches and Attacks You Need to Know About

[Image: When patches don't work as intended]

While Microsoft and other vendors issue patches monthly, attackers provide daily reminders to address your vulnerabilities.

As new attacks arise and software programs reach the end of their support, you need to make sure to stay current, protect your organization, and continue monitoring for malicious activity.

These newest patches and attacks serve as a reminder: strong cybersecurity requires a continued, active approach.

A few of them, in particular, stand out.

New Attacks: Palo Alto, SolarWinds, Zoho, and Exchange

Recently, attackers have exploited zero-day flaws while also launching attacks on older, already-patched systems.

As experts noted in a quarterly ransomware report, malicious actors are willing to utilize either zero-day attacks, or previously patched vulnerabilities – whatever works.

For example, one so-far unexploited critical zero-day could expose 70,000 of Palo Alto’s Security Appliances to remote code execution (RCE) attacks. Palo Alto has released patches for this firewall vulnerability, rated 9.8/10, so you’ll want to patch your firewalls before attackers make their move.

Meanwhile, the Clop Ransomware gang is using phishing scams to launch attacks on SolarWinds Serv-U (S)FTP services – and patches for this vulnerability were issued four months ago.

Because as many as 66.5% of servers remain vulnerable, SolarWinds urges you to patch your systems immediately. They’ve even provided a description of error codes, along with a checklist, for examining your systems for possible compromise.

Elsewhere, Zoho’s “ManageEngine ADSelfService Plus” is a password reset management program with some issues of its own.

This program provides self-service password management and single sign-on for 11,000 companies worldwide. Unfortunately, nation-state attackers have been detected exploiting two zero-day vulnerabilities in the software and dropping webshells, even though patches are available.

The attacks on Zoho illustrate why patches don’t always solve the entire problem. Unless servers are directly examined and cleared, it is absolutely possible to patch your servers and still remain fully compromised.

Lastly, in a call-back to several of this year’s other problems, Microsoft has released an urgent patch for an actively exploited RCE vulnerability – this one occurring in on-prem instances of Exchange Server 2016 and 2019.

IT managers should use either the Exchange Server Health Checker or a PowerShell query to check every server for signs of attacker activity.

This is because patching these servers might not eject attackers who are already inside, which can leave Active Directory passwords exposed.
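As an added example, not code from the original post or from Ideal Integrations, here is one form such a PowerShell check could take, covering both the webshells dropped on ADSelfService Plus servers above and the Exchange servers discussed here: it lists server-side web files created or modified recently under the IIS trees, which is where a dropped webshell usually lands. The directory paths, file extensions and 90-day window are assumptions to adjust for your environment.

```powershell
# Added example, not from the original post. Lists server-side web files
# (.aspx/.ashx/.asmx/.asax) created or modified recently under an on-prem
# Exchange server's IIS trees. Dropped webshells usually show up as new files
# here. Paths, extensions and the look-back window are assumptions.
function Find-RecentWebFiles {
    param(
        [string[]]$Roots = $null,
        [int]$LookBackDays = 90,
        [string[]]$Extensions = @('.aspx', '.ashx', '.asmx', '.asax')
    )

    if (-not $Roots) {
        # Exchange setup defines ExchangeInstallPath; the literal path is the
        # assumed default install location if the variable is missing.
        $exRoot = $env:ExchangeInstallPath
        if (-not $exRoot) { $exRoot = 'C:\Program Files\Microsoft\Exchange Server\V15\' }
        $Roots = @(
            (Join-Path $exRoot 'FrontEnd\HttpProxy'),
            (Join-Path $exRoot 'ClientAccess'),
            'C:\inetpub\wwwroot'
        )
    }

    $since = (Get-Date).AddDays(-$LookBackDays)

    foreach ($root in ($Roots | Where-Object { Test-Path $_ })) {
        Get-ChildItem -Path $root -Recurse -File -ErrorAction SilentlyContinue |
            Where-Object {
                $Extensions -contains $_.Extension.ToLower() -and
                ($_.CreationTime -gt $since -or $_.LastWriteTime -gt $since)
            } |
            ForEach-Object {
                [pscustomobject]@{
                    Computer  = $env:COMPUTERNAME
                    Path      = $_.FullName
                    Created   = $_.CreationTime
                    Modified  = $_.LastWriteTime
                    SizeBytes = $_.Length
                    # The hash lets you diff against a known-good, freshly patched server.
                    SHA256    = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
                }
            }
    }
}

# Run locally, review on screen, and keep a CSV for the incident responder.
$hits = Find-RecentWebFiles
$hits | Sort-Object Created -Descending | Format-Table -AutoSize
$hits | Export-Csv -Path "$env:COMPUTERNAME-recent-webfiles.csv" -NoTypeInformation
```

A cumulative update rewrites these directories, so expect a burst of legitimate hits dated to patch day; compare the hashes against a server patched from clean media rather than treating every hit as hostile. To cover every server at once, wrap the function in Invoke-Command against your Exchange server list.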


Noteworthy November Patches

Microsoft’s November patches also address 54 other vulnerabilities, including a significant, and currently exploited, security feature bypass flaw in Microsoft Excel.

Microsoft didn’t directly detail how the vulnerability works, but no Excel patch is currently available for macOS. As a result, encourage Mac users to be extra careful with Excel attachments.

In addition to current vulnerabilities, Microsoft also issued fixes for earlier updates: for Windows 10 version 2004, and for the cumulative updates of May 2021, October 2020 and May 2020. Windows 11 also received a cumulative update that fixes previous patches.

Other notable vendors issuing November patches include Adobe, Android, Cisco and SAP.

As always, before applying updates, IT managers should verify that full backups are available so that any unexpected issues can be reversed with minimal loss of productivity and data.

Microsoft End of Life Warnings

If you’re one of the many who use older Microsoft programs, it’s important to note the following.

The final day of service for Windows 10 version 2004 and Windows Server version 2004 is December 14, 2021. OneDrive support for Windows 7, 8 and 8.1 will also end on Jan. 1, 2022.

If you’re still using these programs, now is a good time to start planning for their replacements.

While many users might easily migrate to more recent versions of Windows operating systems, others may be constrained by dependent systems or lack of budget resources.

Attackers will certainly be waiting to exploit exposed systems, so organizations that are unable to upgrade need to begin isolating and protecting those systems immediately.

The Takeaways

Despite the continuing high volume of patches, the rising number of attacks and the increasing severity of the consequences of security breaches no longer permit IT teams to use “too busy” as an excuse.

A failure to patch or isolate obsolete systems could easily be viewed as negligence.

If an organization suffers a breach, any unpatched systems amplify penalties from regulators or judgements in a court case. Additionally, newer cybersecurity insurance policies may not pay out if an exploit used unpatched vulnerabilities.

If your organization is struggling to keep up with all of the necessary patches, you’ll probably want to consider outsourcing the job.

IT managers can easily explore options for temporary assistance, for having a specific system examined, or even for unloading the patching and updating headache entirely.

Ideal Integrations provides a spectrum of IT support services, and Blue Bastion Cyber Security can check for compromised resources.

Call us today at 412-349-6680 or fill out the form below and receive a free, no obligation consultation.
