In mid-March of this year, the attack surface suddenly grew. From that moment on, a large proportion of the world’s workforce has been working from home, outside the corporate network, and some of them on their personal computers. All of these factors increase IT systems’ exposure to cyberthreats, since IT teams have far less control than when the entire staff is working in the office.
Another factor that significantly increases the attack surface is the vulnerabilities found in applications and operating systems. An endpoint exposed through one or more unpatched vulnerabilities can be the perfect entry point for a cybercriminal into your corporate network.
Managing vulnerabilities and their corresponding patches is a complex task at the best of times. However, now that remote work has become so widespread, it is clear that applying critical updates is, for many organizations, more difficult than ever.
The latest vulnerabilities
Vulnerability management is a complex task, in part because of how many new vulnerabilities are discovered every day; last year, 12,147 vulnerabilities were discovered, an average of 33 a day. Among the latest vulnerabilities discovered this year we can highlight the following:
- CVE-2020-0609. This remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway). It is triggered when an unauthenticated attacker connects to the target system via RDP; no user interaction is required, and successful exploitation lets the attacker execute arbitrary code on the system. This vulnerability is particularly critical these days, since millions of remote workers are using remote desktop connections to work from home.
- CVE-2020-0674. This vulnerability lies in the way the scripting engine in Internet Explorer handles objects in memory. An attacker who successfully exploits it gains the same permissions as the logged-on user. With those permissions it would be possible to install applications; view, edit, or delete data; or create new accounts with full user rights.
- CVE-2020-0604. This is another remote code execution vulnerability, this time in a tool that is extremely useful for remote work: Microsoft SharePoint. An attacker who successfully exploits it can execute arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.
Well-known vulnerabilities
As well as these recent vulnerabilities, the world’s IT systems have been dealing with many other vulnerabilities that have been known for some time. What’s more, these vulnerabilities have caused some of the most notorious cybersecurity incidents in recent years.
- EternalBlue. This exploit has caused many cybersecurity problems. It targets a vulnerability in Microsoft’s implementation of the Server Message Block protocol (SMBv1), and was allegedly developed by the NSA (National Security Agency). Among the cyberattacks that have used it are WannaCry, NotPetya, and Adylkuzz. Microsoft released a patch for the underlying vulnerability (MS17-010) two months before the WannaCry attacks.
- CVE-2017-5638. This vulnerability in Apache Struts has caused several incidents. On the one hand, it was used to deliver the Cerber ransomware. On the other, it was behind the Equifax data breach, in which the personal data of around 143 million people was stolen. Two years after that incident, the company’s security failures are still taking their toll. A patch for this vulnerability was available two months before the breach.
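A practical first step in finding assets still exposed to EternalBlue is to check which hosts answer SMBv1 at all: MS17-010 patches the SMBv1 code, and disabling SMBv1 removes the exposure entirely. The following Python script is an added example written for this article, not Panda Security’s code. It sends a single SMB1 Negotiate Protocol request over TCP/445 and reports whether the host completes an SMBv1 negotiate; it never authenticates or exploits anything. The sample replies embedded in the block are constructed for offline testing, not captured from a real host. Note the limit of the check: a host that negotiates SMBv1 is exposing the vulnerable protocol, but the script cannot tell whether MS17-010 is installed, so flagged hosts still need their patch level confirmed.

```python
"""Probe hosts for SMBv1 support with one SMB1 Negotiate Protocol request.

Added example (not Panda Security code). Speaks only the negotiate step of
SMB1 over direct TCP/445; a reply in SMB1 framing means the host still
exposes the protocol that EternalBlue targets.
"""
import socket
import struct
import sys

SMB_COM_NEGOTIATE = 0x72
SMB1_MAGIC = b"\xffSMB"
SMB2_MAGIC = b"\xfeSMB"
FLAGS_REPLY = 0x80  # set in the Flags byte of every server response


def _smb1_header(flags: int) -> bytes:
    """32-byte SMB1 header for a negotiate message (TID/PID/UID/MID zero)."""
    # Protocol, Command, Status, Flags, Flags2, PIDHigh, SecurityFeatures,
    # Reserved, TID, PIDLow, UID, MID
    return struct.pack(
        "<4sBIBHH8sHHHHH",
        SMB1_MAGIC, SMB_COM_NEGOTIATE, 0, flags, 0xC853, 0, b"\x00" * 8,
        0, 0, 0xFEFF, 0, 0,
    )


def build_smb1_negotiate(dialects=(b"NT LM 0.12",)) -> bytes:
    """NetBIOS session message carrying an SMB1 NEGOTIATE offering `dialects`."""
    dialect_block = b"".join(b"\x02" + d + b"\x00" for d in dialects)
    body = struct.pack("<BH", 0, len(dialect_block)) + dialect_block  # WordCount=0, ByteCount
    smb = _smb1_header(0x18) + body
    # Direct-TCP framing: one zero byte followed by a 24-bit big-endian length
    return struct.pack(">I", len(smb)) + smb


def parse_negotiate_response(data: bytes) -> dict:
    """Classify the first message the server sent back to our SMB1 negotiate."""
    if len(data) < 8:
        return {"smb1": False, "dialect_index": None,
                "reason": "no or truncated reply; server closed the connection, SMBv1 is probably disabled"}
    magic = data[4:8]
    if magic == SMB2_MAGIC:
        return {"smb1": False, "dialect_index": None, "reason": "server answered in SMB2/3"}
    if (magic != SMB1_MAGIC or len(data) < 39
            or data[8] != SMB_COM_NEGOTIATE or not data[13] & FLAGS_REPLY):
        return {"smb1": False, "dialect_index": None, "reason": "unexpected reply"}
    word_count = data[36]
    # The first parameter word is DialectIndex: position in the list we offered,
    # or 0xFFFF if the server accepted none of them.
    dialect_index = struct.unpack_from("<H", data, 37)[0] if word_count else 0xFFFF
    return {"smb1": True, "dialect_index": dialect_index,
            "reason": "server completed an SMBv1 negotiate"}


def _recv_exact(sock: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            break
        buf += chunk
    return buf


def _recv_netbios_message(sock: socket.socket) -> bytes:
    """Read one NetBIOS-framed message; returns what arrived if the peer closed early."""
    head = _recv_exact(sock, 4)
    if len(head) < 4:
        return head
    length = struct.unpack(">I", head)[0] & 0x00FFFFFF
    return head + _recv_exact(sock, length)


def probe_smb1(host: str, port: int = 445, timeout: float = 3.0) -> dict:
    """Connect to host:port, send the negotiate and classify the answer."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(build_smb1_negotiate())
            reply = _recv_netbios_message(sock)
    except OSError as exc:  # hosts with SMBv1 disabled often just reset the connection
        return {"smb1": False, "dialect_index": None, "reason": f"connection error: {exc}"}
    return parse_negotiate_response(reply)


# Constructed sample replies for offline testing (not captured from a real host).
SAMPLE_SMB1_REPLY = (
    struct.pack(">I", 32 + 1 + 34 + 2)
    + _smb1_header(0x98)            # reply bit set
    + struct.pack("<BH", 17, 0)     # WordCount=17, DialectIndex=0 -> "NT LM 0.12"
    + b"\x00" * 32                  # remaining 16 parameter words, zeroed
    + struct.pack("<H", 0)          # ByteCount=0
)
SAMPLE_SMB2_REPLY = struct.pack(">I", 64) + SMB2_MAGIC + b"\x00" * 60

if __name__ == "__main__":
    if len(sys.argv) > 1:
        for target in sys.argv[1:]:
            print(target, probe_smb1(target))
    else:
        print("sample SMB1 reply:", parse_negotiate_response(SAMPLE_SMB1_REPLY))
        print("sample SMB2 reply:", parse_negotiate_response(SAMPLE_SMB2_REPLY))
```

Run it with one or more hostnames or addresses as arguments (for example `python smb1_probe.py 10.0.0.5`, the file name being your choice) against hosts you are authorized to scan; with no arguments it classifies the two constructed replies. Windows hosts with SMBv1 removed typically reset the connection as soon as an SMB1-only negotiate arrives, which the script reports as a connection error or an empty reply rather than as a negotiate.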
Why aren’t these vulnerabilities patched?
Regardless of how critical they are, patches tend to be a nuisance for IT administrators: prioritizing and rolling out updates is costly; not only are there many updates to install, but installing them often means spending time restarting computers and servers, which interrupts the workflow.
What is the solution to these problems?
Given how important patches are and how many cybersecurity issues they resolve, what can be done to streamline the process of deploying them? At Panda Security, we have a solution that simplifies the complex patch management life cycle for operating systems and third-party software.
Panda Patch Management does not require any new agents or management consoles, since it is fully integrated into Panda Security’s endpoint security solutions. It provides real-time centralized visibility into vulnerabilities, patches, pending updates, and unsupported or EoL software. What’s more, these capabilities cover devices both inside and outside the corporate network, making it easier to update the endpoints of remote workers, which is essential at the moment.
To help with this process, we’ve prepared a whitepaper in which we explain the complex patch management life cycle, from its purpose, identifying vulnerable assets, to deploying patches. Download the whitepaper here.