Patching your systems with monthly updates is usually a mundane task.
But, the severities of this month’s weaknesses aren’t exactly routine – especially if they’re actively exploited.
While “April showers bring May flowers” might be a rhyme you’re tired of hearing, April’s patches and updates bring relief from the flaws of the past.
This month, updates issued by Microsoft, VMware, and other software vendors address critical and actively exploited vulnerabilities you need to address immediately.
Even if you enjoy the convenience of a managed update service, it’s important to be aware of what exactly needs to be patched.
Just keep in mind that your managed service contracts only cover the software actually mentioned within your contract – so be sure to check you’re actually covered.
Microsoft Security Patches
As usual, Microsoft security patches steal the headlines this month.
After all, their widespread use makes any vulnerability a more impactful issue.
April’s patches and updates address 128 security vulnerabilities for the operating system and other Microsoft products.
So, just how bad are they?
Well, for starters, ten of the patched vulnerabilities have been declared “critical”.
Even further, the Windows Common Log File System Driver vulnerability even merits special notice from the Cybersecurity and Infrastructure Security Agency (CISA).
The weakness, which April’s security patches and updates addresses, allows for privilege escalation in the Windows Operating system, and could be easily paired with other attacks.
In fact, CISA even went so far as to add it to the Known Exploited Vulnerabilities list.
As a result, government agencies only have three weeks to patch this vulnerability.
But that’s not all – there’s another major flaw to know about.
Another blocked zero-day vulnerability in the Windows User Profile Service might require high skill to exploit, but researchers have already published proof of exploit code.
And, with this information public, attackers sure to jump on it soon.
Four other patches address potentially wormable vulnerabilities within in the Network File System, Remote Procedure Call (RPC), and Windows Server Message Block (SMB).
A similar Eternal Blue SMB vulnerability enabled the infamous NotPetya and WannaCry attacks, making it a very serious issue.
Fortunately, internet-based exploitation can be blocked by closing TCP port 445 on external firewalls -at least until April’s patches and updates are completed.
The good news is, it’s not all terrible news.
The April patches and updates for Windows 11 issued this month also provide improved functionality for a better user experience.
For example, one key update simply helps you switch default browsers.
As a final thought: if you’re a Windows 10 user, keep in mind that Microsoft issued a reminder that this would be the second to last update for Windows 10 versions 1909 and 20H2.
Need help with your patches and updates? We’re here to help, 24/7/365. Get started here.
Other Notable Security Patches and Updates
Though Microsoft almost always steals the show when it comes to updates, they’re not the only one to consider.
If you’re a VMware Solutions use, you’ll need to move fast to patch a server-side template injection vulnerability.
This weakness allows attackers to use remote code execution (RCE) to exploit your systems.
Already, several “proofs of concept” for exploit have been published, and cryptojackers have already launched attacks to install coin miners.
Though less significant, more widespread April patches and updates were addressed in Google’s Android, various Adobe products (including Adobe Acrobat and Reader), and Cisco devices.
Note that these may not be included in your standard OS patching agreements, so be sure to double-check your patching status.
A Caution On macOS Patches
Earlier this month, Apple hurriedly patched two zero-day vulnerabilities in macOS and iOS which were under active attack.
Both vulnerabilities allowed attackers to access or disrupt the OS kernel activity.
Since many Apple products update automatically or can be easily updated, you might not even worry about April patches and updates.
However, in this case, up to 40% of Macs could remain vulnerable.
Here, Apple only released updates for the latest macOS Monterey, iOS 15 and iPadOS 15 operating systems, failing to address the vulnerability in older versions such as Big Sur or Catalina.
Widely used by marketing departments, there could be many older macOS computers and old iPads with unpatched vulnerabilities
Just like your Windows XP and Windows 7 devices, it seems like you might need to add older macOS devices among the same category which need extra security precautions.
Of course, even when systems stop receiving official updates, there are still a variety of ways to secure your outdated software.
The Takeaways
No matter what systems your business uses, tracking April patches and vulnerabilities is critical, just like always.
When vulnerabilities remain unaddressed, it’s typically because IT teams lack:
- bandwidth to work on patching
- an asset inventory to know a device or software needs patching
- the skill to implement a control to protect a vulnerable system
Bandwidth, asset inventory, and skill can all be easily obtained through outsourcing.
But, IT consultants like Ideal Integrations are always readily available by phone (412-349-6680) or by filling out website forms to obtain non-obligation consultations.
Our teams can supplement internal resources, provide full outsourcing, perform vulnerability scans for unpatched or unprotected devices, and propose controls to mitigate vulnerabilities.
We can also perform security monitoring to ensure that any attackers exploiting zero-day vulnerabilities are detected faster and stopped sooner.