After discussing updates for much of the last few weeks, we won’t cover this month’s Windows patching Tuesday in too much detail. However, some recent patches are just too important to ignore.
Attackers continue to create malware more quickly and increasingly easy to acquire. So, in order to ensure proper risk assessment & management, it’s important to understand what these vulnerabilities mean.
Let’s took a look at some of the latest, and what they mean to your business.
Recent Vulnerabilities of Priority
In this week’s patched vulnerabilities, let’s start with two flaws flagged by the US Cybersecurity and Infrastructure Security Agency (CISA) for immediate remediation. Although both recent vulnerabilities are actively exploited, they also have available patch updates.
The first applies primarily to servers, and involves a path-traversal bug in the UnRAR utility for Unix and Linux systems. The flaw allows the attackers to bypass antivirus controls to extract malware from container files and place them into trusted directories for execution.
Now, you should know that some Exchange servers require administrators to manually enable Extended Protection to fully block attacks. Just make sure you verify your systems receive the fixes they require.
Explaining Windows & Other Vendor Vulnerabilities
In total, Microsoft issued patches for 118 security issues, nearly three times the number of vulnerabilities patched last August. As if this wasn’t enough work, patching teams also received updates on the same day for:
- Adobe: 25 vulnerabilities in 5 products including Adobe Acrobat & Reader
- Cisco: including 2 critical and 2 high vulnerabilities
- SAP: including 1 critical and 1 high vulnerability
How can you explain and prioritize these recent vulnerabilities in the simplest terms?
Let’s break down and define the vulnerabilities cited by these vendors.
- Authentication Bypass: These vulnerabilities allow attackers to gain access without interference from authentication controls.
- Denial of Service: The software, hardware, or network may be disabled and rendered non-functioning through exploits.
- Elevation of Privilege: The attacker can use the vulnerability to gain rights or privileges that would normally be denied to their software or current user identity. Those rights can then be used for other malicious purposes (typically data access, malware execution, or changing security settings).
- Information Disclosure: Data or security elements (passwords, directory indexing, RSA private keys, etc.) might be extracted through this vulnerability.
- Insufficient Validation of Untrusted Input: When software fails to properly validate input, the unvalidated input could lead to crashes, erratic behavior of the software, or even security exploits. The impact depends upon the software and function that contains the vulnerability.
- Memory Leak: This vulnerability can cause the software to fail to release memory and impair system performance.
- Remote Code Execution: The attacker can execute code or run programs (usually malware or hacking tools) with reduced or no restriction.
- Path Traversal Bug: Attackers can gain access to restricted directories to index them or deploy malicious files.
- Spoofing: This vulnerability allows an attacker to impersonate an authorized or trusted user, software, or device.
Memory Leak Issues
Memory leaks don’t impact security, but instead slow or crash computers.
The good news?
Failure to patch memory leak issues remains more of an annoyance than a danger. However, over time, it’s possible that delays caused by slower speeds and crashes add up to significant lost time.
They might not pose a security risk, but they’re not exactly something you want lingering, either.
Picture a line of dominoes, standing neatly in a line. Push one over, it knocks the next one down, and starts a chain reaction of falling dominoes.
That’s where this term comes from. One issue leads to another, which can lead to another, and so forth, down the line.
Although hardly an official category, ‘one-domino’ phrasing helps those not normally exposed to the cybersecurity world understand certain flaws.
You see, these vulnerabilities don’t lead to a breach or exploit on their own. Instead, ‘one-domino’ issues are used in combination with other vulnerabilities or attacks.
Elevation of Privilege, Information Disclosure, Insufficient Validation, Path Traversal, Security Feature Bypass, and Spoofing all open doors into security structures.
Though they start as the beginnings of problems, with further work, attackers can eventually find their way through your systems.
Direct Attack Issues
In contrast to memory leaks & one-domino issues, direct attack problems pose much more immediate threats.
For instance, Denial of Service and Remote Code Execution can do direct damage without any additional work for attackers.
If left unpatched, an attacker simply needs access to cause damage.
While all recent vulnerabilities should get your attention, direct attack issues pose immediate threats.
Fixing Recent Vulnerabilities
Ultimately, the danger of an unpatched vulnerability depends upon where it is located.
A direct attack issue in an isolated system will be less dangerous than a one-domino vulnerability in a device exposed to the internet or other aspects your business.
Fortunately, you don’t need to understand the ins-and-outs of all recent vulnerabilities, attacks, and patches.
That is, as long as you have a partner you can trust does.
That’s exactly where outsourcing comes into play.
If you would like help patching or understanding your exposure, Ideal Integrations can help, along with the support of our cybersecurity division, Blue Bastion Cyber Security. Simply contact us at 412-349-6680, or fill out the form below.
Our team of experts will gladly provide a no-obligation consultation of potential next steps and solutions.