Cybercriminals continuously find new ways to exploit unpatched vulnerabilities.
For that reason, major computing companies such as Microsoft release new patches monthly as a means to fix system-related flaws. However, for all too many companies, this creates a patching deficit as IT teams struggle to keep up.
Here are some of the major patches released during the month of October.
This month, Microsoft shipped patches to fix 87 security problems – of which, eleven were rated as critical.
The most urgent flaw to patch, dubbed “Bad Neighbor” by McAfee, can result in server crashes, simply by sending a crafted packet that executes arbitrary code on a remote system.
A recent proof-of-concept demonstrated by Microsoft showed the flaw as simple, reliable, and wormable. In other words, this could be turned into a self-propagating attack.
Thus, the U.S. Cyber Command warns that organizations need to prioritize this patch.
Other vulnerabilities include a certificate-spoofing bug, and an Outlook bug that allowed attackers to execute remote code, even if the user only previewed the email.
And, additional vulnerabilities execute privileged commands, such as: Specially crafted websites, ICMPv6 Router Advertisements, or a guest Hyper-V virtual machines.
Other Patches to Execute
Several other vendors joined Microsoft in issuing patches, including Adobe, SAP, Intel, Apple and Cisco.
These patches cover a variety of hardware and software vulnerabilities that affect both the everyday and specialty users.
Due to its plans to retire its flash player at the end of 2020, Adobe has refrained from issuing any recent patches. However, a critical remote code execution vulnerability merited special attention.
According to company officials, hackers could exploit this vulnerability, tracked as CVE-2020-9746, by inserting malicious strings in HTTP responses when users visit a website. Thus, an immediate Adobe Flash Player 220.127.116.115 upgrade is necessary.
If you’re running enterprise software, SAP announced security patches for 2 critical and 6 high priority vulnerabilities for SAP Solutions Manager, SAP Focused Run, SAP Business client, and SAP NetWeaver … as well as 12 other vulnerabilities for SAP products.
For those using Bluetooth devices, Intel released a security advisory addressing three BlueZ open-source stack vulnerabilities.
Apple users must also take action. On Oct. 9, the company released security software updates for iOS, iPadOS, macOS, tvOS and watchOS.
Lastly, Cisco announced patches for high-severity security flaws in both its Webex video conferencing system — the Identity Services Engine — and Video Surveillance 8000 Series IP Cameras.
The highest vulnerability, though, comes from IP cameras, which, when reset, might permit a Layer-2 broadcast.
Remote Users & Additional Devices
When companies release patches, they’re often critical in nature.
That’s why you need to make sure to upgrade your machines quickly. And, you’ll need to get all of your users to restart their computers more often.
Additionally, when you’re upgrading laptops for your remote workers, you may need to turn on their office computers to install patches.
Also, you’ll need to consider other devices on the company network that were never disclosed to your IT department. That includes security cameras, tablets, and even smartphones.
Does your organization regularly check the network for new devices? You should … often.
Get the Managed Services Your Need
If you’re like many other organizations, you may not have the time to perform checks for patches & unknown devices on your network.
That’s why we’re here to help, 24/7/365. From network design and cyber security management, to cloud computing solutions and patch updates, we’ll keep your business operating at full capacity.
There is no one-size-fits-all solution, which is why we customize everything to your specific needs. Maximize your return on IT with Ideal Integrations – we’re always by your side.
Contact us today for your risk-free consultation, no matter where you are in the world! Complete the form below or call us at 412-349-6680 to get started..