February’s Patch Tuesday arrived with another batch of urgent and critical patches for vulnerabilities.
One set of three Windows TCP/IP vulnerabilities even merited a special warning.
The three critical and high-severity vulnerabilities all expose organizations to remote exploitation by unauthenticated attackers and should be patched as quickly as possible. Two of the vulnerabilities allow remote code execution attacks. Although the complexity needed to exploit them is high, Microsoft still cautions that patches should be applied within a month.
However, the third vulnerability enables malicious attackers to create a denial of service (DoS) exploit via a stop error on any Windows system exposed to the internet. The simplicity of the third vulnerability suggests that attackers will be seeking to exploit this flaw on unpatched systems in the very near future.
For those who cannot quickly apply patches, Microsoft provided separate IPv4 and IPv6 workarounds. Customers of Ideal Integrations’ patch management services already have these issues addressed, but if your team needs help applying emergency patches or workarounds, call Ideal Integrations at 412-349-6680 or fill out the form below for immediate attention.
Now, let’s break down what else you need to know.
More Windows Patch Updates
Beyond the special warning, 9 of the 56 vulnerabilities patched this month merit a critical rating.
One flaw already being actively exploited by attackers merits only an important rating because it requires the malicious actor to already have access to the system.
Another vulnerability allows an attacker to crash a Windows 10 system when a user simply opens the directory in which the file is stored. While such a crash is thoroughly annoying on its own, experts worry that malicious actors will use this method to disrupt a breached system in order to cover up other activities.
Of special note: Two critical vulnerabilities exist within Microsoft’s .NET Framework component. These require special attention during patching because the automated monthly patch roll-up typically does not include .NET updates.
Adobe, Apple, Intel & More
Many other vendors also released patches in February.
But since these patches are not bundled within Windows 10’s update, IT teams will need to address them separately.
Adobe fixed vulnerabilities within Adobe Acrobat and Adobe Reader, for both Windows and macOS, that have been used by attackers to execute arbitrary code. SAP provided patches to fix vulnerabilities in several products that allowed attackers to execute remote code, trigger DoS, and more.
Apple fixed vulnerabilities in several of its macOS operating systems, including one flaw that allows an attacker to gain root privileges on both macOS systems and Linux systems. Similar to Microsoft, Apple also strongly advises that users install the security updates ASAP.
Intel patched 57 security vulnerabilities, including an Intel Graphics Driver flaw rated as “high severity” because it allowed attackers to escalate privileges. These patches affect multiple Intel processor generations, several types of Apple devices (patches released by Apple), and Windows microcode.
The patches from Cisco, Fortinet, and SonicWall address vulnerabilities within networking infrastructure. Cisco’s patches address issues in Cisco IOS, Cisco Security Manager, Cisco Identity Manager, and their SMB VPN routers.
Fortinet’s patches address flaws that permit remote code execution, SQL injection, or DoS attacks against their SSL VPN and Web Application Firewall products.
Some of these patched Fortinet vulnerabilities were first reported two years ago and were patched previously on other Fortinet products, but IT teams need to verify whether the new patches apply to currently installed systems.
SonicWall’s update patches the zero-day vulnerability in the SMA 100 series remote-access appliances that was used to attack SonicWall itself. However, applying the patch may require some users to use the built-in Web Application Firewall that requires a paid license.
For that reason, SonicWall also added a free 60-day license to that module in the new 10.x code.
Special Attention Updates
Third-party software may be out of scope for monthly maintenance contracts, which typically focus on operating system patches.
For example, if your accounting team uses SAP, an outsourced vendor may maintain the server, but may not be engaged to update the SAP software on that server.
Similarly, if a user installs Adobe Acrobat, an internal IT team or IT outsource partner may not be informed about the installation and may not know to apply any patches.
IT teams and outsource partners can check for rogue software installations or software packages that may require updates.
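One way to run that check on a Windows host, as an added example that is not part of the original article: the script reads the registry Uninstall keys and lists installed packages from vendors that are patched outside the Windows roll-up. The function names and the watch list (the vendors named above) are assumptions made for illustration.

```powershell
# Added example: inventory installed software from the registry Uninstall keys
# and list packages whose vendor is patched outside the Windows monthly roll-up.

# Assumption: the watch list is simply the vendors named in this article.
$WatchList = 'Adobe', 'SAP', 'Intel', 'Cisco', 'Fortinet', 'SonicWall'

# Machine-wide 64-bit and 32-bit views, plus the current user's hive, where
# software installed by a user without IT involvement often registers.
$UninstallPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-InstalledSoftware {
    foreach ($path in $UninstallPaths) {
        $scope = if ($path -like 'HKCU:*') { 'User' } else { 'Machine' }
        Get-ItemProperty -Path $path -ErrorAction SilentlyContinue |
            Where-Object { $_.DisplayName -and -not $_.SystemComponent } |
            ForEach-Object {
                [pscustomobject]@{
                    Name      = $_.DisplayName
                    Version   = $_.DisplayVersion
                    Publisher = $_.Publisher
                    Scope     = $scope
                }
            }
    }
}

function Select-WatchedSoftware {
    param(
        [Parameter(ValueFromPipeline)] $Package,
        [string[]] $Vendors = $WatchList
    )
    process {
        # Match whole words so 'Intel' does not hit 'IntelliJ' or 'Intelligent'.
        $text = "$($Package.Publisher) $($Package.Name)"
        $hit = $Vendors |
            Where-Object { $text -match "\b$([regex]::Escape($_))\b" } |
            Select-Object -First 1
        if ($hit) {
            $Package | Add-Member -NotePropertyName Vendor -NotePropertyValue $hit -PassThru
        }
    }
}

Get-InstalledSoftware | Select-WatchedSoftware |
    Sort-Object Vendor, Name, Version, Scope -Unique |
    Format-Table Vendor, Name, Version, Scope -AutoSize
```

The HKCU path covers only the account running the script, so per-user installs by other accounts need a run in each user's context.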
Getting the Right Support
Whether your organization needs a software audit, support with applying specific types of patches, or full outsourcing of updates, Ideal Integrations is here to help.
In-house expertise can be costly, and not all companies need the same solution. The team at Ideal Integrations is here to give you a complete, secure solution for all of your IT and cyber security needs.
Not only will we get you the right technical solutions, we’ll also build your network and defend it 24/7/365.
No matter where you are, we’ll be by your side!
Schedule your risk-free consultation today by calling us at 412-349-6680, or by completing the form below.