Updating software on employee workstations is a never-ending, constant process. Thus, you may simply lack the resources to keep updating all software. On average, dozens of new vulnerabilities are found every single day; accordingly, many hundreds and even thousands of patches for them are released every month.

This poses the question: what updates should be a priority? And there’s no simple answer to that. Patching strategies can be very different, and finding the one that works best for your company can depend on various circumstances. In this post, I share some thoughts on what software should be patched first — based on the potential risk of vulnerability exploitation.

Got any vulnerabilities on your system?

Some people believe that the number of discovered vulnerabilities speaks of the given software’s quality. Simply put, more bugs means worse software, and a lack of any ever reported means that software is great. These considerations then affect their choices of corporate software.

But this is, of course, a misperception: the number of detected vulnerabilities generally speaks of the program’s popularity, not quality. You can find bugs anywhere. And most of the time, bugs are discovered where people look for them. A company could get by using some long-forgotten software product just because nobody ever found any vulnerabilities in it. But that would be an unwise strategy: what if someone actually tries and succeeds in discovering a whole load of them right away?

In a nutshell, it’s not the number of bugs that matters, but how quickly patches for them come out and whether they actually fix the problems. Quick and regular patching is a good thing, while rare, sporadic releases — with the vendor trying to pretend that nothing bad has happened — are a disturbing sign; such software should be avoided.

Another good thing is when the developer runs a bug bounty program — even better if the program is open for everyone. A bad thing is a vendor threatening to sue bug hunters (yes, it happens more often than one would imagine), or worse: dragging people to court for reporting vulnerabilities.

Operating systems

But let’s get back to patching prioritization. The obvious candidates for the highest priority are operating systems. All-important OS updates must be installed as quickly as possible. The risk is self-evident: a compromised OS is the key to the rest of the computer’s software.

So if you use Windows, it’s in your best interests to at least look through the list of Microsoft updates on the second Tuesday of each month, and install them ASAP. But you should still follow the news: if a Windows patch comes out on a different date, it should be installed right away.

Browsers

There are several solid reasons to prioritize browser updates. Firstly, browsers account for much of our digital activity these days. Secondly, browsers by definition interact with the internet, so they’re one of the first to be affected by any cyberthreats. Thirdly, attackers spare no effort looking for browser vulnerabilities, often succeed and quickly turn to exploiting them.

So try to install browser patches pronto. Additionally, don’t forget to restart your browser after an update: until you do, the old, vulnerable version remains in use. Keep in mind that your system may have more than one browser installed. They all need timely updates.

And speaking of multiple browsers, there are a couple of things to keep in mind:

  • Internet Explorer: hardly any user’s free choice anymore, but this browser is still featured on any Windows computer — and needs timely patching.
  • Many desktop apps (for example, messengers) are based on the Electron framework — technically a Chromium browser with a web app opened in it. Don’t forget to update them too, as they automatically inherit every Chromium flaw out there.

Office suites

Attacks through emails with malicious attachments are a classic cybercriminal move. They mostly rely on infected files — especially Microsoft Office and PDF documents. This means that office suite programs’ vulnerabilities often serve as an entry point into the target company’s network. Therefore, you should pay close attention to office software updates.

In most cases, malware attachments don’t open themselves — somebody has to click on them. That’s why it’s important to provide information security training for your employees — for example, on our interactive educational Kaspersky Automated Security Awareness Platform.

It’s also a good idea to set up an internal communication channel with your information security department: on the one hand, to alert your employees about relevant threats and improve general awareness; on the other, to receive their reports on various suspicious activity, including in their email boxes.

Cybersecurity solutions

As mentioned above, vulnerabilities can be found in any software — and security products are no exception. Antiviruses and other information security applications need lots of high-level permissions to operate efficiently, so a successful exploitation of a security solution’s vulnerability might cause very serious problems.

Security software developers are aware of the potential danger of such a scenario better than anyone else. Therefore, they try to promptly respond to reported vulnerabilities and release updates ASAP. Of course, promptness is equally important when installing those patches. We recommend monitoring your security products’ updates diligently and prioritizing their installation.

Work collaboration apps

One more software category that has earned special significance for office employees in the past decade requires special attention. I’m referring to work collaboration apps, such as Microsoft Teams, Slack, Confluence, and the like. In many companies these have gradually taken over a considerable part of business correspondence, file exchange, and conference calls.

Naturally, collaboration tools have become an attractive target for cybercriminals: they can usually learn a lot of juicy things from the content that’s transferred through collaboration apps. It’s important to keep these apps up to date with the latest security patches.

Here’s one more reason not to postpone updating your collaboration tools. As I mentioned above, every app based on the Electron framework is technically a Chromium browser — with all its vulnerabilities so popular among cybercriminals. And guess what? Electron is also quite a common framework for collaboration tools. For instance, it’s the backbone of the desktop versions of both Teams and Slack.
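The Electron point made here and in the browser section can be turned into an inventory check. The following Python code is an added example, not part of the original post: it walks install directories and flags apps that bundle Chromium through Electron, so they can be put on the same patch track as browsers. The marker file names, the `version` file lookup and the sample directory names are assumptions of this example.

```python
import tempfile
from pathlib import Path

# Chromium runtime files that ship beside an Electron app's executable.
CHROMIUM_MARKERS = ("icudtl.dat", "v8_context_snapshot.bin", "resources.pak", "chrome_100_percent.pak")

def looks_like_electron(d: Path) -> bool:
    """Heuristic: packaged JS payload plus at least two Chromium runtime files."""
    if (d / "Contents/Frameworks/Electron Framework.framework").is_dir():
        return True  # macOS bundle layout
    res = d / "resources"  # Windows/Linux layout
    payload = (res / "app.asar").exists() or (res / "app").is_dir()
    return payload and sum((d / m).is_file() for m in CHROMIUM_MARKERS) >= 2

def electron_version(d: Path):
    """Best effort: read the plain-text `version` file if the packager kept it."""
    f = d / "version"
    if not f.is_file():
        return None  # unknown: check the vendor's release notes instead
    return f.read_text(errors="replace").strip().lstrip("v") or None

def find_electron_apps(root: Path, max_depth: int = 3):
    """Walk install directories and list apps that embed Chromium via Electron."""
    found = []
    def walk(d: Path, depth: int):
        if looks_like_electron(d):
            found.append({"app_dir": d.relative_to(root).as_posix(),
                          "electron": electron_version(d)})
            return  # do not descend into the app's own files
        if depth >= max_depth:
            return
        try:
            subdirs = sorted(p for p in d.iterdir() if p.is_dir() and not p.is_symlink())
        except OSError:
            return  # unreadable directory: skip rather than abort the inventory
        for sub in subdirs:
            walk(sub, depth + 1)
    walk(root, 0)
    return found

def demo():  # constructed sample tree: two Electron apps and one native app
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        chat = root / "chatapp" / "app-1.2.3"  # hypothetical Windows-style app
        (chat / "resources").mkdir(parents=True)
        for name in ("resources/app.asar", "icudtl.dat", "resources.pak"):
            (chat / name).write_bytes(b"")
        (chat / "version").write_text("v25.3.0\n")  # constructed value
        (root / "Notes.app/Contents/Frameworks/Electron Framework.framework").mkdir(parents=True)
        (root / "editor").mkdir()  # native app: no Electron markers
        return find_electron_apps(root)

if __name__ == "__main__":
    print(demo())
```

On a real workstation, point `find_electron_apps` at the per-user and system-wide install directories; an app reported with `electron: None` still embeds Chromium, only its version has to be taken from the vendor.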

To protect employees’ computers from hacking at those unpleasant moments when a vulnerability has already been found but a patch for it hasn’t yet been released, be sure to use reliable protection on all corporate devices. By the way, a number of our solutions for business — including Kaspersky Endpoint Security for Business and Kaspersky Hybrid Cloud Security Enterprise — feature the built-in Kaspersky Vulnerability and Patch Management system that helps you automate and properly prioritize your software updates.



Microsoft's July patch collection turned out to be a surprise. First, they have once again fixed the seemingly dead Internet Explorer. Second, as many as six vulnerabilities are already being actively exploited by attackers. Third, two of the six were closed not with patches but with recommendations.

Here are the overall statistics: 132 flaws were closed, nine of them considered critical. Exploitation of 37 of the vulnerabilities can lead to arbitrary code execution, 33 to privilege escalation, 13 to security feature bypass, and 22 to possible denial of service.

Why are they patching Internet Explorer?

We recently wrote that Internet Explorer is dead, but not quite. In particular, we discussed Microsoft's advice to keep installing security updates related to IE, since some of its components are still in the system. And now it's clear why they gave this advice. The July patch closes as many as three vulnerabilities in MSHTML, the engine inside the legendary browser. In the CVE descriptions, Microsoft states the following:

While Microsoft has announced the deprecation of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported. The MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as by other applications through the WebBrowser control. The EdgeHTML platform is used by WebView and some UWP applications. The scripting platforms are used by MSHTML and EdgeHTML but can also be used by other legacy applications. Updates to address vulnerabilities in the MSHTML platform and scripting engine are included in the IE Cumulative Updates; EdgeHTML and Chakra changes are not applicable to those platforms.

To stay fully protected, we recommend that customers who install Security Only updates install the IE Cumulative updates.

The most dangerous of the newly discovered IE vulnerabilities is CVE-2023-32046, and it's already being used in real attacks. Successful exploitation allows cybercriminals to elevate their privileges to those of the victim. Attack scenarios involve creating a malicious file that is sent to the victim by mail or hosted on a compromised website. All the attackers need is to convince the user to follow the link and open the file.

The other two vulnerabilities, CVE-2023-35308 and CVE-2023-35336, can be used to bypass security features. The former allows cybercriminals to create a file that bypasses the Mark-of-the-Web mechanism so that it can be opened by Microsoft Office applications without Protected View mode. And both holes can be used to trick a victim into accessing a URL in a less restrictive Internet Security Zone than intended.

Recommendations instead of patches

The next two vulnerabilities are also being actively exploited, but instead of full patches they only received security recommendations.

The first, CVE-2023-36884 (with a CVSS rating of 8.3), is being exploited in the Storm-0978/RomCom RCE attacks on Office and Windows. To stay safe, Microsoft advises adding all Office executables to the FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION list.

The second unresolved problem relates to the signing of kernel-level drivers. This one has no CVE index, only a guide with recommendations (ADV-230001). Microsoft revoked many developer certificates used in APT attacks and blocked several malicious drivers, but the root cause remains. Hackers can still sign drivers with Microsoft certificates, or sign them with a backdated date so that they work as one of the exceptions and don't require the MS developer portal signature.

As a countermeasure, Microsoft recommends keeping Windows and EDR up to date. The only small consolation is that to exploit such drivers, an attacker must have administrator privileges.

The remaining exploited vulnerabilities

Besides the vulnerabilities mentioned above, there are three more holes being exploited by cybercriminals.

  • CVE-2023-32049 – SmartScreen security feature bypass vulnerability. Exploitation allows attackers to create a file that opens without displaying the Windows “Downloaded from the Internet” warning.
  • CVE-2023-36874 – privilege escalation vulnerability in the Windows Error Reporting service. Allows attackers to elevate privileges if they already have normal permissions to create folders and technical performance monitoring files.
  • CVE-2023-35311 – security feature bypass vulnerability in Outlook. Exploitation helps cybercriminals avoid warnings when the preview is used.

How to stay safe

To keep corporate resources safe, we recommend installing security patches as soon as possible, and protecting all work computers and servers with modern solutions that can detect exploitation of both known and as yet undetected vulnerabilities.



Not long ago, the IT security media space was once again full of cheerful reports that Microsoft had finally buried Internet Explorer (IE). Let's recap the long story of how this browser, the most popular in the world, was slowly cut off from its life support, and examine whether it's finally time to rejoice (spoiler: it isn't).

Internet Explorer: life and chronic death

For those who didn't witness (or have forgotten) the 2000s, we remind you that back then Internet Explorer ruled the web, with more than 90% of the browser market share. It's hard to believe now, but Explorer was more dominant then than the current champion, Google Chrome, is today.

However, ever since Chrome launched in 2008, Explorer's popularity declined steadily. We can consider 2012 the end of the Explorer era, when Chrome finally took over. That said, Microsoft's first official acknowledgment of this fact came only in 2015.

It was then, simultaneously with the release of Windows 10, that the company announced it was closing down development of Internet Explorer and introduced Edge as the default browser for Windows, marking the first phase of shutting down IE. The original version of Edge was powered by Microsoft's own EdgeHTML engine, a modification of MSHTML (also known as Trident), on which Internet Explorer is based.

Of course, Edge had an IE compatibility mode. Nevertheless, Explorer, in its eleventh and final version, was still integrated into the operating system. Thus began the dual-browser era, with both Edge and Explorer preinstalled in Windows, which (another spoiler) continues to this day.

Three years later, in December 2018, came the second phase: Microsoft abandoned further efforts to develop its own engine and launched a new version of Edge, this time based on Chromium. This browser also had an IE compatibility mode. And Explorer still remained in the system.

In 2021, Microsoft released the new Windows 11. It was now no longer possible to launch and use Explorer as a standalone browser, at least in theory. However, Edge still retained its IE compatibility mode. And Explorer itself was still in the system, so, after some tinkering, it could still be run.

A couple of years after that, just this February 2023, news came that Microsoft had finally killed Explorer in its latest update. The coup de grâce, ending this cruel suffering. But on closer inspection, it turned out that the old dog was still breathing!…

Disabling doesn't mean removing

The first thing to realize about the Windows update is that it doesn't remove Explorer from the operating system; it disables it. In practice, this means that Explorer can no longer be launched as a standalone browser (this time for sure). However, Edge, officially the only browser in Windows, still has an IE-compatible mode. This means that Explorer is still alive, if not quite kicking: it exists only to ensure the operation of this mode.

Now if you try to open Explorer, Edge will launch. And inside it, if you wish, you can select IE compatibility mode. As a result, Explorer will continue to inhabit Windows until Microsoft finally decides to bury IE compatibility mode.

The patch for disabling IE doesn't work on all systems

Even the disabling of Explorer isn't absolute. There are a ton of operating systems exempt from getting the update that kills IE. Microsoft has published this list of exceptions:

  • Windows 8.1
  • Windows 7 Extended Security Update (ESU)
  • Windows Server Semi-Annual Channel (SAC), all versions
  • Windows 10 IoT Long Term Service Channel (LTSC), all versions
  • Windows Server LTSC, all versions
  • Windows 10 client LTSC, all versions
  • Windows 10 China Government Edition

In other words, users of these operating systems don't even receive the changes mentioned above. They can still run Internet Explorer as a standalone browser.

What's the problem?

The problem is that along with the hopelessly outdated browser, all of its vulnerabilities (plus those not yet discovered) will remain in the system. The only real difference between “before” and “after” disabling IE is that it may be a bit harder to exploit this vulnerable browser in certain types of attacks.

As a clear illustration of what can go wrong, we can recall the CVE-2021-40444 vulnerability. It was found in Internet Explorer's MSHTML engine in 2021. What's more, by the time it was discovered, this vulnerability was already being exploited in attacks on Microsoft Office users. Attackers equipped Office documents with a malicious ActiveX element, which allowed remote code execution after the user opened the trojanized file.

Why doesn't Microsoft bury Explorer for good? The problem is that this browser was the only workable option for many companies for too long, during which time it put down deep roots in their infrastructure. Some of these companies still can't part with this legacy of the dark past. So, for the sake of compatibility (a sacred cow for Microsoft), the half-dead browser has been dragged from OS to OS for more than a decade now.

How to stay protected

By the looks of it, we'll probably be waiting at least a few more years before Internet Explorer is finally put out of its misery. Therefore, unless you want to wait for MS to finally kill IE for good (which we strongly advise against), it's better to arrange the last rites yourself:

  • If your company still uses technology related to Internet Explorer, try to drop it and switch to modern technology. Seriously, this should have been done 10 years ago.
  • Then, once you no longer need IE compatibility, it's best to disable the browser on all operating systems you use. For the operating systems listed above, this has to be done manually; Microsoft's website has an understandable list of instructions on how to do this. For all other systems, make sure the relevant Microsoft patch is installed.
  • As Microsoft advises, you should keep installing security updates applicable to Internet Explorer even after you've disabled it, where applicable, because some browser components remain in the system.
  • And, of course, deploy reliable protection on all devices in your company.

