Hello, Crown Clients and Friends!
In last week’s post, we briefly mentioned “zero day” vulnerabilities in software, and how our behavior as users doesn’t really affect our security with this type of attack. While this is mostly true, there is one caveat: patching or updating your software regularly is one of the strongest ways to protect yourself from some of the most damaging attacks on your network. When operating system and server software updates are available, having scheduled downtime to update the software is critical to keeping your company’s data and network secure.
What is an exploit?
Modern computer programs are complex: they are often built up over many years, by many developers, from many preexisting codebases. Any mistakes or vulnerabilities in a small piece of code can become a method for attacking users. If the mistake just leads the software to crash or malfunction, it’s called a bug, but if it allows the software to be used for an attack, it’s called an exploit. The most dangerous forms of these exploits make it possible for a threat actor to run whatever they like on your machines.
If an attacker knows of an exploit before the software vendor does, they can freely use it to gain access to, or information from, users of the software in question, and possibly take control of entire networks. In this scenario, the software is “broken,” and eventually either a security researcher or an attacker will find the exploit. If a researcher finds it, typically for a paid bounty, then the software maker will be given a certain amount of time to fix the problem by issuing a patch. Once the patch is released, one of the ways to make the vulnerable software safe again is by applying the update.
What needs to be patched?
It’s best to assume that virtually every piece of software could be vulnerable at one time or another. Previously secure software may become vulnerable in the future as well, so the best practice is to always keep software up to date when it comes to security patches. If a vendor issues a security patch for any software, it needs to be applied.
The most obvious type of software that needs regular patching is operating systems, but other types of software, especially on servers, regularly need updating too. Recently, Microsoft has been receiving a great deal of scrutiny for exploits found in Exchange Server, Azure, and Windows, and has been regularly issuing patches for affected users. The exploits across all three of these platforms are fairly severe, and if your organization uses these systems, it should be a very high priority to apply the patches as they roll out.
How does an IT team apply these patches?
On computers and devices that are for personal use, it’s considered good practice to let the operating system perform its updates automatically. For larger-scale operations, the best plan is usually to have your IT team apply updates overnight. Once operating systems and software packages are updated, workstations and servers need to be restarted and brought back online. Doing this overnight minimizes the disruption to your day-to-day operations and gives your IT team the ability to gather data and make sure that the updating process goes as expected. Scheduling this maintenance downtime helps ensure that your software is as secure as possible, and it also increases the chances that your software won’t be the cause of unscheduled downtime because of a future attack.
-Written by Derek Jeppsen on Behalf of Sean Goss and Crown Computers Team