Source: Palo Alto Networks
Why does Microsoft keep finding vulnerabilities and how serious are they?
We would like to take a different tack on this question, and would rather ask “why do major software vendors all over the globe keep discovering and patching vulnerabilities in their software?” When you ask it in this way, you realise it goes far beyond the vulnerabilities that receive media attention, such as Microsoft's. Oracle's Java is probably one of the most widely deployed pieces of software and among the most exploited by web attack toolkits.
There will always be bugs, or flaws, in software, especially when you are talking about complex applications with millions of lines of code. In most cases they are unintentional, though they can sometimes be planted by malicious insiders or by adversaries with access to an organisation’s network.
You hear about Microsoft more than others due to how widely used their software is, and the impact it has on this large user base. Not only this, but they are in many ways leading the charge with the Microsoft MAPP programme, which many companies participate in, to share the latest information on vulnerabilities to protect customers and the industry as a whole.
Make no mistake, these vulnerabilities are serious: all of the ones Palo Alto Networks has discovered in Internet Explorer received Microsoft's highest severity rating of “critical”. But we believe that this open and responsible disclosure of vulnerabilities, and the sharing between vendors, is a powerful tool against adversaries.
What do the vulnerabilities allow attackers to do?
Fundamentally, adversaries can exploit these vulnerabilities to gain an initial foothold on a system. That foothold allows advanced attackers to control the system, install malware, and use it as an initial pivot point to move around the network. Typically, stealing intellectual property is their goal, though they can also seek to bring down systems or deface a company’s public presence. In technical terms, critical vulnerabilities like those we have discovered allow 'full remote code execution', meaning that an attacker can execute code of their choice on the system from anywhere in the world.
What can businesses do to protect themselves against these vulnerabilities?
We should be shifting the conversation to encourage businesses to put pressure on vendors to fix vulnerabilities, both in the vulnerable software itself and in the primary applications that depend on it, and to help all businesses know whether they are at risk. Often I hear that companies have to use old, out-of-date, vulnerable software because the vendor that supplied it hasn't got around to fixing it.
As an example: the only reason one company we talked with had a vulnerable version of Java installed on every employee's computer was a vacation request application that required it! This single issue put the entire company at risk of being silently compromised by a web attack toolkit.
There are many ways to protect your organisation, but they boil down to a few core concepts:
- Keep your applications patched and up-to-date. Vulnerabilities generally only affect certain versions of software, and you greatly reduce your attack surface by applying the patches vendors provide, which close these gaps
- Employ basic security protections such as an intrusion prevention system or an intrusion detection system (IPS/IDS) to prevent exploitation of vulnerabilities at the network level. Choose a vendor who has a record of creating and deploying new signatures quickly, and is part of information sharing programmes such as the Microsoft Active Protections Program (MAPP)
- Use a next-generation firewall policy as the central control point for your network, safely enabling only the applications you need to run your business, and blocking all others
- Have a solution for discovering unknown threats crossing your network, with the ability to prevent them in-line
- Join information sharing groups with your peers, to understand breaking attacks affecting others in your industry