Normally, we wait until the Windows patches arrive to cover new vulnerabilities, updates, and issues.
However, the release of two urgent patches, outside of the norm, provides an important reminder: not all patches arrive on our preferred schedules. And sometimes, they involve systems outside the normal scope of operations.
Sometimes it’s tempting to put off the inconvenience of patching. But, attackers constantly circle, seeking opportunities within new, exposed vulnerabilities. To protect our systems, we must be aware, vigilant, and maintain layers of security.
New Vulnerabilities In SonicWall and Atlassian Products
Do you use SonicWall? If so, there’s an urgent patch you need to address immediately.
To protect against a critical SQL injection flaw, SonicWall advises immediate patching of its Global Management System (GMS) and Analytics On-Prem products.
In unpatched versions, user-supplied input reaches SQL commands without special characters (quotes, comment markers, and the like) being neutralized. So, what does that mean for you?
Well, it lets attackers bypass authentication, read data they are not authorized to see, and delete data from the database.
The vulnerability carries a critical CVSS severity rating of 9.4. The score reflects how easily it is exploited: an attacker needs only network access to the product and sends specially crafted input through a web form field or a URL query parameter.
Fortunately, you can reduce exposure to this flaw by patching, or in the short term with a web application firewall (WAF) in front of the product. Keep in mind that a WAF only blocks the injection patterns it recognizes, so treat it as a stopgap until the patch is applied, not as a replacement for it.
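To make the "improper neutralization of special elements" wording concrete, here is an added example, not code from SonicWall or from the original article, that shows the same class of bug in a toy login check against an in-memory SQLite table. The table, the account and the payloads are all constructed for the demonstration; the point is how a single unescaped quote turns a password check into an authentication bypass, and how a parameterized query closes it.

```python
import sqlite3

# Constructed sample database: one account, standing in for an application's user store.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'correct horse battery staple')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Builds the statement by string concatenation (the flaw class behind CWE-89).

    Quote and comment characters in the input become part of the SQL, so the
    attacker controls the WHERE clause instead of just supplying a value.
    """
    sql = ("SELECT username FROM users WHERE username = '%s' AND password = '%s'"
           % (username, password))
    return conn.execute(sql).fetchone() is not None


def login_fixed(conn, username, password):
    """Parameterized query: the values travel separately from the statement text,
    so a quote in the input is compared as data and never parsed as SQL."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


# Two classic payloads. The first comments out the password check entirely:
#   ... WHERE username = 'admin' --' AND password = 'wrong'
# The second rewrites the boolean logic so the WHERE clause is always true.
BYPASS_COMMENT = ("admin' --", "wrong")
BYPASS_TAUTOLOGY = ("' OR '1'='1", "' OR '1'='1")


def compare(payload):
    """Returns (vulnerable_result, fixed_result) for one (username, password) pair."""
    user, pw = payload
    return login_vulnerable(make_db(), user, pw), login_fixed(make_db(), user, pw)


if __name__ == "__main__":
    for name, payload in (("comment", BYPASS_COMMENT), ("tautology", BYPASS_TAUTOLOGY)):
        vuln, fixed = compare(payload)
        print(f"{name:10s} vulnerable={vuln} fixed={fixed}")
```

Run as-is, both payloads log in through `login_vulnerable` and are rejected by `login_fixed`, while the genuine credentials succeed in both. The data-deletion outcome mentioned above needs stacked statements, which SQLite's `execute()` refuses, so only the authentication bypass is shown here.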
Similarly, Atlassian urges customers running Confluence Server and Confluence Data Center to patch immediately.
The Questions for Confluence app, installed on over 8,000 servers, adds an internal question-and-answer feature to your organization's Confluence site. However, when installed, the app also creates an account named ‘disabledsystemuser’ with a hardcoded password.
Unfortunately, that hardcoded password was published on Twitter and is now widely available.
As a result, attackers can use the public password to log into vulnerable servers and read any page the confluence-users group can access.
After updating, Atlassian encourages customers to check whether the ‘disabledsystemuser’ account has ever been used by querying its last-authenticated time in the Confluence database. If the account exists but the query returns “null,” no one has ever logged in with it. Keep in mind that updating does not, by itself, remove an account that was already created, so confirm that it has been disabled or deleted as well.
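The check described above, as an added example that is not Atlassian's code or part of the original article: it runs the two lookups (find the account, then read its last-authenticated attribute) and turns the result into a verdict. The table and column names (`cwd_user`, `cwd_user_attribute`, `lastAuthenticated`) are assumptions that mirror Confluence's user directory tables; verify them against your own database before relying on the script. The in-memory SQLite tables below are constructed only so the script runs offline; in practice `triage()` would be pointed at the real Confluence database connection.

```python
import sqlite3

ACCOUNT = "disabledsystemuser"


def make_sample_db(account_present=True, last_authenticated=None):
    """Constructed stand-in for the Confluence user directory tables (assumed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE cwd_user (id INTEGER, user_name TEXT)")
    conn.execute("CREATE TABLE cwd_user_attribute "
                 "(user_id INTEGER, attribute_name TEXT, attribute_value TEXT)")
    if account_present:
        conn.execute("INSERT INTO cwd_user VALUES (1, ?)", (ACCOUNT,))
        if last_authenticated is not None:
            conn.execute("INSERT INTO cwd_user_attribute VALUES (1, 'lastAuthenticated', ?)",
                         (last_authenticated,))
    conn.commit()
    return conn


def triage(conn):
    """Returns (verdict, last_authenticated) for the hardcoded account.

    verdict is one of:
      'absent'     - no such account; nothing to clean up
      'never-used' - account exists, last-authenticated is null (no one has logged in)
      'used'       - account exists and has authenticated at least once; investigate
    """
    # Parameterized lookups: the account name is data, not part of the statement.
    user = conn.execute("SELECT id FROM cwd_user WHERE user_name = ?", (ACCOUNT,)).fetchone()
    if user is None:
        return "absent", None
    row = conn.execute(
        "SELECT attribute_value FROM cwd_user_attribute "
        "WHERE user_id = ? AND attribute_name = 'lastAuthenticated'",
        (user[0],)).fetchone()
    if row is None or row[0] is None:
        return "never-used", None
    return "used", row[0]


if __name__ == "__main__":
    # Assumed: Confluence stores the attribute as milliseconds since the Unix epoch.
    for db in (make_sample_db(account_present=False),
               make_sample_db(),
               make_sample_db(last_authenticated="1658500000000")):
        print(triage(db))
```

A "used" verdict means the account has logged in at least once; since the account was never meant for interactive use, treat that as a sign of possible compromise and review access logs for that login, in addition to disabling or removing the account.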
Just keep in mind that these products may lie outside of normal patching processes or contracts. You’ll need to double-check to ensure these tools will be patched or protected.
Once a vendor recognizes new vulnerabilities, they create patches or mitigations. But, once they announce the fix, the clock starts ticking.
You see, hackers monitor various vendors for announcements of the latest patches. What better way to learn of an exploitable weakness than straight from the creators? And, since there’s time between the announcement and when businesses apply patches, it creates a window of opportunity for attackers.
In fact, new research reveals that hackers only need 15 minutes to prepare code to scan the internet for potential victims.
Fortunately, many newly disclosed vulnerabilities sit on systems behind company firewalls, out of reach of casual internet scans. Plus, many of the people scanning won’t pursue exploitation themselves. Instead, they often sell the access they gain to other criminals on the dark web.
While these facts might buy your IT security teams some time, new vulnerabilities become a liability the moment they’re announced. To reduce your liability, address these problems quickly and effectively.
IT teams not only feel pressure to act fast, but also strong pressure to double-check patches to prevent business disruption. Typical patching programs can take several weeks to verify such fixes before they’re applied to systems.
Even though this might expose systems to new vulnerabilities for several weeks, most assume that in the short term, the attack risk is lower than operational disruptions.
However, even careful checks can miss special use cases, such as:
- May Windows 11 updates broke apps that use Windows Workflow and Windows Communication Foundation.
- June Windows Server updates broke remote access connections.
- June Windows updates caused sign-in issues on Arm devices.
- June 28 updates caused USB printers to stop working.
Sometimes, vulnerability patches fix minor issues, and you can simply roll them back to restore operations. Other times however, the patch addresses significant security vulnerabilities, and any roll-back or time spent checking patches leaves you significantly exposed.
Managing Threats Through Mitigation
While patching is usually the go-to solution, you can shield unpatched vulnerabilities using various other techniques. However, these methods usually require high-level IT knowledge to understand both the nature of the vulnerability and potential alternative protections.
Even though alternative mitigations take more IT hours than simply applying a patch, the cost of that extra labor is often lower than the cost of an operational disruption. And it is always lower than the cost of a successful attack.
When weighing options to patch, mitigate, or ignore a vulnerability, your IT team also needs an accurate understanding of what data and systems are exposed to accurately judge the risks.
For short- or long-term assistance with new vulnerabilities, system scans, web application firewalls, or other mitigation analysis, Ideal Integrations, with the assistance of our cybersecurity division Blue Bastion Cyber Security, can help.
Simply contact us at 412-349-6680, or fill out the form below. Our experts will provide a no-obligation overview of how our patching and network expertise can protect your organization.