Nowadays, most security breaches are due to known and unpatched vulnerabilities. However, many companies view patching as an overhead activity. As a result, there is real pressure to manage desktop security patching as efficiently and effectively as possible.
For example, if the patches released by Microsoft in August 2020 have not been installed on your desktops, a Windows computer can be hacked through everyday office work activities – “innocent ways” such as:
• Play a video file — due to flaws in Microsoft Media Foundation and Windows Codecs
• Listen to audio — due to bugs affecting Windows Media Audio Codec
• Browse a website — due to ‘all time buggy’ Internet Explorer
• Edit an HTML page — due to an MSHTML Engine flaw
• Read a PDF — due to a loophole in Microsoft Edge PDF Reader
• Receive an email message — due to another bug in Microsoft Outlook
Malware and Ransomware
Simply put, ransomware is a subset of malware. Malware attacks usually come in the form of a computer virus or worm. Malware tends to be specific to a platform like Windows, or even an application. This allows the malware to target specific security holes or improperly configured systems. Ransomware comes into play when the malware notifies the system’s user that it has been attacked, but only after it has already done something to the computer, such as encrypting the disk or files.
Common infection method – MalSpam. By definition, MalSpam is malware delivered via email, so email is always the infection vector for malware with this classification. There is no limit or restriction on the types of malware that can be sent via email. Ransomware prevents users from accessing their system or personal files and demands a ransom payment in order to regain access. Another popular infection method is malvertising, or malicious advertising: the use of online advertising to distribute malware with little to no user interaction required. While browsing the web, even on legitimate sites, users can be directed to criminal servers without ever clicking on an ad.
What we have seen in the last few years is that vulnerable desktops and their software are the most common way to suffer a ransomware attack.
Microsoft fixes 120 vulnerabilities – August 2020
As one of the latest examples, Microsoft this month released its batch of software security updates for all supported versions of its Windows operating systems and other products. This month’s Patch Tuesday updates address a total of 120 newly discovered software vulnerabilities, of which 17 are critical, and the rest are important in severity.
There are also two zero-days — vulnerabilities (CVE-2020-1464 and CVE-2020-1380) that have been exploited by hackers before Microsoft was able to provide today’s patches.
CVE-2020-1464 – With this vulnerability, an attacker could bypass security features by exploiting a flaw in file signature validation to load improperly signed files.
CVE-2020-1380 reads like a “standard” Internet Explorer browser remote code execution attack. Through memory corruption, an attacker could execute arbitrary code in the context of the current user. While this is marked as a browser vulnerability, it’s worth noting that Microsoft Office documents hosting portions that use the IE rendering engine are another entryway.
Since zero-day vulnerabilities pop up all the time, it’s very important to be proactive by ensuring that all security-related patches are installed.
How can ITAF help you?
It is vitally important to verify that your patch management solution is working as intended, which makes reporting a key feature in any patch management solution.
To help you with desktop security patching, ITAF’s specialized professionals can monitor and manage patches for your workstations so that your operating systems and applications are always up to date and secure. ITAF uses a specialised tool for the deployment of security patches, which covers PC, Mac and third-party software for both Windows and Apple operating systems.
Contact us for more information.